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THE FEDERAL INFORMATION TECHNOLOGY 
REFORM ACT’S (FITARA) ROLE IN REDUC- 
ING IT ACQUISITION RISK, PART H: MEAS- 
URING AGENCIES’ FITARA IMPLEMENTA- 
TION 


Wednesday, November 4, 2015 

House of Representatives, 

Subcommittee on Information Technology, joint 
WITH THE Subcommittee on Government Operations, 

Committee on Oversight and Government Reform, 

Washington, D.C. 

The subcommittees met, pursuant to call, at 3:01 p.m., in Room 
2154, Rayburn House Office Building, Hon. Will Hurd [chairman of 
the Subcommittee on Information Technology] presiding. 

Present from the Subcommittee on Information Technology: Rep- 
resentatives Hurd, Blum, Kelly, Duckworth, and Lieu. 

Present from the Subcommittee on Government Operations: Rep- 
resentatives Meadows, Walberg, Massie, Buck, Carter, Connolly, 
and Plaskett. 

Also Present: Representative Chaffetz. 

Mr. Hurd. The Subcommittee on Information Technology and the 
Subcommittee on Government Operations will come to order. 

Without objection, the chair is authorized to declare a recess at 
any time. 

Each year, the Federal Government spends $80 billion on IT, and 
80 percent of that spending is on old, outdated legacy systems. It 
is not a secret that the IT acquisition and procurement process in 
the Federal Government is broken. 

In June, we held a hearing examining GAO’s designation of IT 
acquisition as “high risk” and highlighted how FITARA can reduce 
IT acquisition risk over time and eliminate wasteful spending. Fed- 
eral agencies have now had nearly 1 year since the law’s enactment 
and 4 months since the issuance of OMB’s guidance to implement 
this law. 

This hearing continues an ongoing effort on the part of this com- 
mittee to improve how the Federal Government goes about buying, 
maintaining, and ultimately retiring information technology. 

In June, I had stated that, while FITARA is not a panacea for 
all IT acquisition problems, it can be a useful tool to make real 
progress in reducing the risk of these large investments. I still 
strongly believe this today. 

This morning, we released a scorecard grading Federal agencies 
on four of the seven key metrics of FITARA: data center consolida- 
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tion; IT portfolio review savings, or PortfolioStat; incremental de- 
velopment or CIO authority enhancements; and risk assessment 
transparency. 

The committee worked in a bipartisan fashion to develop metrics 
that fairly assess the progress agencies are making in these areas 
and then tasked GAO to gather the data. To be clear, this is not 
data that we, ourselves, came up with. The data that was used to 
compute these grades is largely self-reported by agencies to Con- 
gress and 0MB. 

While it is clear from looking at these grades that no agency gets 
a gold star and goes to the head of the class, some agencies — and 
we have one of them here today — are making progress. Frankly, 
though, there is a reason that no agency received an A: We have 
work to do. 

One area in particular that stands out to me is the Federal Data 
Center Consolidation Initiative. The consolidation of Federal data 
centers not only has the potential for tremendous cost savings, up- 
wards of $7.4 billion, according to GAO, but would have very real 
impacts on the cybersecurity posture of Federal agencies. 

We, as a Federal Government, simply cannot afford to continue 
spending $80 billion or more on legacy systems year after year 
after year and expect to keep pace with industry, provide services 
to the American people, and keep our data secure. We cannot af- 
ford to be having this same discussion about IT management and 
acquisition in another 20 years. 

Federal agencies should be put on notice that Congress will not 
sit by the wayside and allow the law to be skirted. No agency will 
be exempt from this law. But if agency CIOs will simply implement 
FITARA — meaning they actually make progress in consolidating 
data centers, find savings through the PortfolioStat process, move 
away from big-bang acquisitions to incremental development, and 
accurately assess risk — we won’t be. 

I said this in June, and I want to reiterate it here: I look forward 
to working with the leadership and members of the IT and Govern- 
ment Operations Subcommittees on both sides of the aisle and with 
agency CIOs to continue to advance the cause of good IT govern- 
ance. We have to get it right this time. 

And I would like to yield the balance of my time to the chairman 
of the full committee, Jason Chaffetz. 

Mr. Chaffetz. Thank you, and I appreciate the time. 

I want to thank you. Chairman Hurd, I also want to thank 
Chairman Meadows, for paying such close attention to this. It is 
done in a very bipartisan way with Ranking Members Connolly 
and Kelly. I also appreciate Mr. Cummings and the work he is 
done and the approach that we are doing together, because it truly 
has been a bipartisan effort and needs to continue that way. 

It is important for Federal agencies to make sure that we are 
questioning the results on the scorecard. It is not a partisan issue. 
And the committee’s grades are based on self-reported data, which 
is an important part of understanding where we are today. 

The scorecard that was unveiled this morning is an effort to 
make clearer to CIOs, agency leadership, and the American people 
that the committee intends to ensure that this law is implemented 
correctly and fully. As Chairman Hurd mentioned in his opening 
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statement, we cannot afford to keep on spending to the tune of $80 
billion a year and perpetuating outdated legacy technologies. 

Since I was elected to Congress, same time that President 
Obama was elected to the White House, the Federal Government 
has spent more than $525 billion on IT, and it doesn’t work. It 
doesn’t work. Too many vulnerabilities, too many stories of agen- 
cies with old, outdated legacy systems where we are taking young 
20-year-olds and trying to teach them how to do things that were 
invented literally in the 1950s. 

Again, the examples of COBOL and other types of technology, 
while great in mid-1950s, well before many of us were even born 
on this dais, we still continue to implement and to use them within 
the Federal Government, and that needs to change. 

There is a reason that the committee held a hearing on the 
GAO’s high-risk list, and there is a reason that the IT acquisition 
was on it. Information technology is the infrastructure of our fu- 
ture. It is supposed to make life better. It is supposed to make life 
more secure, more simple, and more swift. 

I am getting tired, quite frankly, of asking the Federal Govern- 
ment for basic documents and hearing that it is going to take years 
to produce them when the Microsoft Corporation and others have 
figured out a way to access an email within seconds. Those excuses 
have come and gone, and technology is our friend. It is supposed 
to be here to help us, but it also needs to be safe and secure. 

Ultimately, FITARA is an effort to ensure that agencies are buy- 
ing and developing technologies in an efficient way that is trans- 
parent and gives agencies the tools they need to do the work for 
the American people. 

I look forward to the hearing and the testimony today. We have 
good witnesses today. 

I appreciate the five of you for being here, what you provide and 
your perspectives and all that you are trying to do, with, I think, 
the same goals and direction that we all here are doing. 

And I, again, appreciate the bipartisan work and look forward to 
the hearing. 

I yield back. 

Mr. Hurd. I now recognize my friend and the ranking member, 
Ms. Kelly — she is the ranking member of the Subcommittee on In- 
formation Technology — for her opening statement. 

Ms. Kelly. Thank you, Mr. Chairman. 

Today’s hearing is the second hearing in a series of oversight 
hearings the subcommittee will hold on FITARA implementation to 
help ensure agencies achieve the desired goals of the law and gen- 
erate opportunities for government savings and efficiency in the 
procurement of information technology. 

FITARA includes a number of government-wide reforms for man- 
aging IT acquisitions and portfolios that will help ensure that the 
Federal Government is making wise and efficient investments in 
IT. This hearing will help us understand the status of implementa- 
tion of FITARA and how agencies are doing on four important ini- 
tiatives required by FITARA that could quickly improve the man- 
agement of IT and save taxpayer dollars. 

Agency-wide IT portfolio review and data center consolidation 
are two provisions of FITARA that can quickly help agencies re- 
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duce spending, optimize IT resources, and ensure IT investments 
align with agencies’ mission and business functions. 

This committee plays an important oversight role that can in- 
crease transparency and accountability of agency implementation 
efforts. Earlier this year, the committee tasked the Government Ac- 
countability Office with assessing and scoring agencies’ implemen- 
tation of four initiatives required by FITARA, including portfolio 
review and data center consolidation. 

As the chairman said, today we released the FITARA scorecard 
results and will discuss the performance of the three agencies here 
today. While these three agencies were selected for this initial 
scorecard hearing, I hope the subcommittees will continue to hold 
hearings with all agencies to measure their performance and hold 
them accountable for fully implementing FITARA provisions. 

These hearings and the FITARA scorecard show the committee’s 
interest and commitment to achieving the goals of FITARA, as well 
as present an opportunity for agencies to demonstrate their efforts 
to generate savings and efficiencies in the management of IT re- 
sources. 

Today’s agencies are working with 0MB to assess their current 
structure for managing IT resources and develop a plan for imple- 
menting the specific authorities that FITARA provides chief infor- 
mation officers. Agencies are required to notify 0MB of any obsta- 
cles to implementation and work with 0MB to overcome those ob- 
stacles. 

I look forward to hearing from the witnesses on the status of 
FITARA implementation and the challenges agencies are facing in 
overhauling the management of IT resources. 

I want to thank each of the witnesses for testifying today, and 
I look forward to hearing your testimony on how agencies are ap- 
proaching FITARA implementation and the desired goals of savings 
and efficiency in the management of IT. 

Thank you, and I yield back. 

Mr. Hurd. Thank you, Ms. Kelly. And I want to thank you for 
the bipartisan nature in which we are doing this important work. 

Now it is great to recognize the gentleman from North Carolina, 
Mr. Meadows, the chairman of the Subcommittee on Government 
Operations, for his opening statement. 

Mr. Meadows. Thank you, Mr. Chairman. 

And thank you for your leadership, both of you, on this particular 
issue. 

And thank each of you for being here today. 

Obviously, in February, the GAO added the Federal IT manage- 
ment to the list of high-risk categories. The chairman of the full 
committee talked about the $80 billion that we spend on IT. Actu- 
ally, it is even greater than that. If you look at all the amounts of 
moneys that are, what I would say, offline and not accounted for, 
it is in excess of $100 billion. And that may be a conservative fig- 
ure. 

So, as we look at this, this is a critical issue, as the GAO found 
all too often that this $80 billion to $100 billion was invested, and, 
many times, it was behind schedule. We didn’t get the ultimate 
product that was even contracted for. 
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I was troubled to learn — I am one of those that was born a little 
bit earlier than what the chairman of the full committee had rec- 
ommended, but I was real concerned to hear that we are still sup- 
porting COBOL and Fortran. Those were languages that I had a 
difficult time with in college. And yet, here we are, with my gray 
hair, still supporting those kinds of legacy programming, that even 
anybody who is remotely in the programming world would say, why 
in the world are you doing it? And so we have got to do a better 
job. 

Obviously, with regards to FITARA and the implementation 
thereof, we are going to, in a very bipartisan way, work with not 
only the chairman of this committee but the ranking members of 
both of our committees. I can tell you that the gentleman from Vir- 
ginia, Mr. Connolly, and I have had a number of conversations as 
it relates to FITARA. 

And this is the beginning. I think the other part of this is the 
scorecards is actually a good start. Many of us asked why there 
was no A’s on there, as the chairman was — and the concern that 
I have was the response that I got was that even some of those 
grades that were given had been given the benefit of the doubt. 

And so, as we look at going forward and making progress, this 
tool should not only be one that we not allow a law to be imple- 
mented and just address, but we need to go further than that. And 
we need to look at appropriations for those that are doing well, 
that we need to make sure that those funds get rewarded for those 
that are doing well. Because too often in the Federal Government 
those who are efficient and effective get their budgets cut instead 
of getting rewarded for the very behavior that we are trying to sup- 
port. And we have to do a better job of recognizing good behavior 
and rewarding it. 

I believe that this is a great start. I look forward to continuing 
our work with not only the GAO but 0MB as we look at imple- 
menting this. And it will be a priority for us, in a bipartisan way, 
to address that. 

And, with that, I will yield back, Mr. Chairman. 

Mr. Hurd. Thank you, sir. 

Now I would like to recognize the architect of the Issa-Connolly — 
or is it Connolly-Issa? — I always forget — bill, Mr. Connolly, the gen- 
tleman from Virginia, ranking member of the Subcommittee on 
Government Operations, for his opening statement. 

Mr. Connolly. I thank the chairman. And I thank him for his 
generosity and his perspicacity. 

But welcome. I am so glad we are here, we are finally here, and 
we are talking about the implementation of the FITARA legisla- 
tion. 

The bipartisan legislation represents the first major reform of 
laws governing Federal IT management and procurement since the 
Clinger-Cohen Act of 1996. And although that previous effort estab- 
lished a solid foundation, it fell short in achieving its full potential 
because, frankly, nobody was watching its implementation. 

And I hope today’s panel and the hearing of these two sub- 
committees and the leadership on both sides of the aisle suggests 
we are not going to let that happen. FITARA, we mean it, we want 
to see it implemented. 
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And we understand that this is the first interim report card. It 
is not the he-all and end-all. It is a progress report, a snap in time. 

I have been encouraged at how quickly the administration and 
Federal agencies have actually embraced the effort. And I really 
appreciate the leadership of Federal CIOs and the Office of Man- 
agement and Budget, especially Mr. Scott, which I think issued 
some of the best implementation guidelines I have ever seen com- 
ing out of 0MB. 

And GAO, similarly, in designating improving the management 
of IT acquisitions operations as a new government-wide high-risk 
area really helps pound the case home, “This is important.” It gets 
our attention, and, hopefully, it gets our colleagues within the exec- 
utive branch, their attention as well. 

I am actually pleased by the results of a recent survey of Federal 
IT professionals conducted by MeriTalk, which was a private-public 
partnership focused on improving government use of IT, that shows 
that nearly 80 percent of those surveyed within the Federal Gov- 
ernment believe FITARA will actually have a positive effect on the 
value of their agency’s IT and mission. That is great. 

They specifically cited there is potential to reduce duplicative IT 
systems and to address the legacy systems my good friend from 
North Carolina was addressing just a few minutes ago. Although 
I will point out to him, the value at least of COBOL is the Chinese 
don’t know how to hack into it. 

Whoops. Late-breaking news: Apparently, they do. That would be 
too bad. 

Today, we are going to release our initial scorecard focusing on 
four of those reform activities that kind of constitute what grade 
you get and why: data center consolidation, where we are not doing 
so well; IT portfolio review savings; incremental project develop- 
ment and delivery; and risk assessment transparency. 

These metrics were selected because their implementation will 
have a demonstrable benefit on IT acquisitions and operations, and 
this data is updated and available on a quarterly basis. GAO has 
already been gathering information from agencies themselves to 
verify reporting in some of these areas, so the committee tasked 
GAO with collecting the agencies’ self-reported information and 
then scoring it based on our direction. So this is sort of a self-cer- 
tification process, too, that we are relying on, and so is GAO. 

I want to caution my colleagues, our partners in the administra- 
tion, and others in the Federal IT community that this scorecard 
is not intended to be a juridical, prescriptive exercise. It should not 
be considered a scarlet letter on the back of a Federal agency. It 
is, as I said earlier, an initial assessment, a point-in-time snapshot, 
much like the quarterly report card one might get in a university 
or in a school. 

The intent isn’t to punish or stigmatize. It is, in fact, to, you 
know, exhort and urge agencies to seize this opportunity and use 
the scorecard as a management tool to better guide decisionmaking 
and investments within the agency. 

While the grades themselves are illustrative of overall perform- 
ance, it is the multiple elements that make up the grades on which 
agencies in our committee will focus to ensure we deliver on the 
transformative promise of FITARA. 
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For example, while the Department of Transportation may be on 
the lower end of the scores in certain areas right now, one is en- 
couraged by reading CIO McKinney’s prepared statement, in which 
he says, “IT is no longer just the business of CIO; rather, it’s 
everybody’s business.” Well, to me, hallelujah. I mean, you know, 
the gospel is spreading. And that is a good thing, because it gets 
in our heads. That is exactly the point. 

I also commend DOT on its efforts to implement a more holistic 
approach to planning its IT investments by including budget and 
acquisition staff in its decisionmaking process to ensure everyone 
understands how those decisions need to support the overall IT 
goals. GSA has a similar arrangement, with its Investment Review 
Board. And Treasury employs the best-practice model of IT infor- 
mation resource management. All good things. 

So the one area I am concerned about — and I know Mr. Powner 
and I have talked about this. And we have covered this in a field 
hearing under your predecessor, Mr. Meadows, Mr. Mica, that was 
at George Mason University in northern Virginia. 

So we start out roughly with Vivek Kundra’s 25-point plan that 
says, let’s take 1,600 identified data centers in the Federal Govern- 
ment and cut it in half. Goal: 800. We introduced a bill that said, 
well, you know, once we do that, let’s cut it in half again to 400. 

We have a field hearing a couple of years later, and what do we 
discover? Well, we didn’t quite cut it in half We discovered 6,100 
more. So we went from 1,600 to 7,700. And I believe we have just 
discovered another 2,000. So now we have 8,700, roughly. 

There is no way any of us can find that acceptable. I am glad 
we are more accurate, apparently, in knowing how many data cen- 
ters we have, but the game here is to consolidate, to save, to be- 
come more efficient, to get rid of the stovepipes within our agencies 
and between agencies. 

So I am very interested in hearing — especially that one — how are 
we going to make progress, how are we going to avoid discov- 
ering — I mean, if there are more to be discovered, fine, but the real 
goal here is to consolidate. And so that one, particularly, I am 
going to be focused on. 

At any rate, I want to thank my colleagues for holding this hear- 
ing. I want to thank all of you for being here. This is the first 
downpayment in a series of oversight hearings I know we are going 
to have. 

Thank you. 

Mr. Hurd. Thank you, Mr. Connolly. 

I will hold the record open for 5 legislative days for any members 
who would like to submit a written statement. 

Mr. Hurd. We will now recognize our panel of witnesses. 

I am pleased to welcome Mr. Tony Scott, the U.S. Chief Informa- 
tion Officer at the Office of E-Government and Information Tech- 
nology at the Office of Management and Budget; Mr. Sonny 
Bhagowalia, Chief Information Officer at the U.S. Department of 
Treasury; Mr. Richard McKinney, CIO at the U.S. Department of 
Transportation; Mr. David Shive, Chief Information Officer at the 
U.S. General Services Administration; and Mr. David Powner, Di- 
rector of IT Management Issues at the U.S. Government Account- 
ability Office. 
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Welcome to you all. 

And, pursuant to committee rules, all witnesses will be sworn in 
before they testify. So please rise and raise your right hands. 

Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing but 
the truth? 

Thank you. Please be seated. 

And let the record reflect that the witnesses answered in the af- 
firmative. 

In order to allow time for discussion, we would appreciate it if 
you would limit your testimony to 5 minutes. And your entire writ- 
ten statements will be made part of the record. 

Mr. Scott, you have had a busy few months. Welcome back to 
this hearing space. And you are now recognized for 5 minutes. 

WITNESS STATEMENTS 
STATEMENT OF TONY SCOTT 

Mr. Scott. Thank you. Chairman Hurd, Ranking Member Kelly, 
Chairman Meadows, Ranking Member Connolly, and members of 
the subcommittees. Thank you for the opportunity to appear before 
you today to discuss OMB’s work in overseeing the government- 
wide implementation of the Federal Information Technology Acqui- 
sition Reform Act. And thank you for your resolute and bipartisan 
efforts in ensuring that this critical law is implemented success- 
fully. 

When I last appeared before you, I offered an overview of how 
FITARA and OMB’s implementation guidance enables strategic 
partnerships among agency CIOs and other senior leaders in the 
agency. And today I’ll focus my remarks on the progress that’s been 
made in institutionalizing FITARA and how 0MB is facilitating 
and overseeing its implementation. 

OMB’s FITARA guidance uses a common baseline approach, 
which provides direction on the roles and responsibilities of agency 
CIOs and other leaders for the management of information tech- 
nology. Each FITARA-covered agency submitted a self-assessment 
to 0MB describing their current operation compared to the com- 
mon baseline and are on schedule to submit an implementation 
plan showing how they will implement the common baseline re- 
quirements by the end of the year. 

Agency plans were evaluated with four overarching questions in 
mind: Has the agency identified real breakthrough opportunities 
for change? Has the agency described a compelling and feasible 
plan to act on those changes? Does the detailed plan integrate 
agency leadership with the leadership of bureaus and programs to 
jointly drive the mission? And, finally, does the agency CIO serve 
as the single point of accountability for the roles and responsibil- 
ities identified in the common baseline? 

And let me assure you that there was no rubber-stamp process 
involved here. With each agency, we’ve been actively engaged. 

Our analysis of the initial agency plan submissions revealed sev- 
eral key themes, including but not limited to agency-specific issues 
in budget formulation, budget execution, and IT acquisition. And 



9 


we’re working actively with each agency to address these issues for 
their final plan. 

Our oversight of agency progress in implementing FITARA is 
being assisted through a number of additional means. We’re fos- 
tering a government-wide community by holding biweekly meetings 
on FITARA and by relaunching the Web site management.cio.gov 
to serve as a central location for tools and resources. We’re collabo- 
rating with the President’s Management Council, the CIO Council, 
GSA, and other organizations, such as ACT-IAC, to facilitate 
knowledge-sharing across the Federal enterprise. 

We’re enabling consistent and transparent oversight by requiring 
that each agency post their implementation plan and related 
FITARA materials on management.cio.gov. And this will enable 
0MB inspectors general. Congress, GAO, and the public to conduct 
consistent oversight and followup. And we’re requiring agencies 
that have a red CIO risk evaluation on the IT Dashboard for 3 con- 
secutive months to hold TechStat sessions and notify 0MB of these 
sessions. 

Finally, I want to highlight the work that my office is doing, in 
partnership with OMB’s Office of Federal Procurement Policy, to 
leverage FITARA in addressing complex Federal acquisitions chal- 
lenges. We recently issued a category management policy to im- 
prove the acquisition and management of laptops and desktops. 
This memo is the first of a series of policies directing agencies to 
take new steps to improve the acquisition of common goods and 
services to drive better performance and efficiencies, as required by 
FITARA. 

In conclusion, I think FITARA presents a historic opportunity to 
reform the management of information technology across the Fed- 
eral Government. It’s important that we do not underestimate the 
work and the commitment required by agencies and the broader 
ecosystem to fully implement this law and the changes it rep- 
resents in culture, governance, IT processes, business process, and, 
quite frankly, the way we do oversight. Simply replaying pages 
from our old playbook is not the solution. 

That said. I’m pleased with agencies’ promising work to date, and 
I look forward to the positive results to come as agencies apply 
FITARA to their full information system lifecycle. 

I thank the subcommittee for holding this hearing and for your 
commitment to ensuring successful implementation of FITARA. I 
would be pleased to answer any questions you may have. 

[prepared statement of Mr. Scott follows:] 
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Chairman Hurd, Ranking Member Kelly, Chairman Meadows, Ranking Member Connolly, and 
Members of the Subcommittees, thank you for the opportunity to appear before you today to 
discuss OMB’s work in overseeing the government-wide implementation of the Federal 
Information Technology Acquisition Reform Act (FITARA), and thank you for your resolute, 
bipartisan efforts in ensuring that this critical law is implemented successfully. 

When I last appeared before you to discuss my team’s work in implementing FITARA, I offered 
an overview of how FITARA and our implementation guidance' enables strategic partnerships 
among agency Chief Information Officers (CIOs) and other senior leaders. 1 also discussed how 
FIT.ARA strengthens key reform initiatives, including PortfolioStat, TechStat, data center 
optimization, and our push towards incremental development. Today, I will focus my remarks on 
the progress that has been made in institutionalizing this important law, as well as the ways in 
which OMB is facilitating and overseeing its implementation. 

Implementation of the Common Baseline 

The backbone of OMB’s FITARA guidance is the “Common Baseline,” which provides 
direction on the roles and responsibilities of agency CIOs and other senior leaders for the 
management of Information Technology (IT), Each covered agency is required to submit a self- 


' Management and Oversight of Federal Information Technology, M-15-14, 
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assessment to OMB describing their current operation compared to the Common Baseline, and 
an implementation plan describing actions the agency will take to ensure that all Common 
Baseline requirements are implemented by the end of the year. 

1 am pleased to announce that we have received a self-assessment and implementation plan from 
each covered agency, and that our staff has conducted a thorough review for each agency with a 
timely submission. During the review of each agency’s plan we considered four overarching 
questions: 

1 . Has the agency identified real breakthrough opportunities for change? 

2. Has the agency described a compelling and feasible plan to act on those changes? 

3. Has the agency described how the plan integrates agency senior leadership with the 
leadership of bureaus and programs to jointly drive the mission? 

4. Does the agency CIO .serve as the single point of accountability for the roles and 
responsibilities identified in the Common Baseline? 

Our analysis of the initial agency plan submissions revealed several key themes that our staff is 
working with agencies to address: 

• Budget formulation: There was often a gap in CIO involvement in budget formulation 
activities. To the extent that significant involvement was delineated, it was often related 
to major agency-wide investments and not to investments at the bureau and program 
levels, 

• Budget execution: Plans often reflected a passive rather than active CIO role in IT budget 
execution activities, such as those of planning expenditures, evaluating IT performance, 
or reprogramming of funds. 

• Acquisition: Agency plans sometimes reflected a view that CIO’s would not/did not 
have direct knowledge of IT goods and services acquisition at the bureau or program 
levels, which precludes significant involvement in these acquisitions. 

• Organization: CIOs assigned significant duties to other agency officials. This is 
acceptable only if the CIO retains accountability, the CIO is directly involved with the 
delegation, and the rationale is documented and approved by OMB, 
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Although these challenges exist today, 1 am encouraged that agencies have recognized them in 
their self-assessments, and in their subsequent dialog with 0MB, and have begun to develop 
policies and procedures to address them. 

Full implementation of the Common Baseline will have positive benefits that will ripple 
throughout each agency and the Federal Government as a w'hole. To further advance incremental 
development, we are currently working on major enhancements for the IT Dashboard to be 
released early next year. These improvements will provide additional details on agency use of 
incremental development, and will allow the public to view information on the risk of IT 
investments on a year-round basis. For the first lime, we will also begin publicly showing 
detailed cost savings resulting from our reform efforts. 

In addition to enhancing the ability of CIOs to account for incremental development, Common 
Baseline implementation empowers CIOs to better address the longstanding challenges 
associated w'ith legacy IT spending, which accounts for the majority of Federal IT spending. 
Reducing the proportion of money spent on keeping the lights on in legacy systems also 
strengthens our ability to leverage new technologies and approaches, further driving cost savings. 
This also improves the Federal cybersecurity posture by decommissioning antiquated sy.stems 
that are costly to operate and are often unable to support critical functions like encryption and 
two-factor authentication. 


Moving forward, our oversight of agency progress implementing the Common Baseline is being 
accomplished through a number of means, including quarterly PortfolioStat reviews, mandatory 
TechStat sessions, tracking progress through a public dashboard, engaging with key partners, and 
by building a government-wide support community. 

PortfolioStat and TechStat Sessions 

PortfolioStat and TechStat sessions are two powerful tools to reveal and address challenges 
agencies face in managing their overall IT portfolio as well as at-risk investments. These and 
related reform efforts have saved the Federal Government at least $3.44 billion dollars since 
fi.scal year 2012. 
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As discussed in our guidance, over the last year we have enhanced our PortfolioStat efforts by 
shifting from annual to quarterly review sessions with senior agency leaders. The first round of 
PortfolioStat sessions for this fiscal year is underway, and the prime area of focus is a thorough 
discussion of each agency’s FITARA implementation progress. Future reviews will continue 
that focus. 

While PortfolioStat is an excellent tool for assessing the performance of an agency’s overall 
technology portfolio, we also recognize the need to quickly halt or turn around poor performing 
individual IT investments through TcchStat sessions. OMB has gone beyond the requirements of 
FITARA by requiring that agencies hold TechStat sessions for any investment that has a red CIO 
evaluation — indicating high risk — on the IT Dashboard for three consecutive months, as opposed 
to the FITAR A requirement of four consecutive quarters. 

OMB Implementation Support 

OMB is committed to supporting agencies in their implementation of FITARA. In addition to 
evaluating agency plans and holding PortfolioStat reviews, we are also working to: 

• Foster a Government-wide Community: The ability of agencies to successfully 
implement FITARA is greatly enhanced through the elimination of bureaucratic silos and 
the free exchange of ideas and information across government. Our staff has developed 
several vehicles to facilitate this and to ensure that agency personnel are always aware of 
the most up-to-date guidance and resources. These include: 

o Biweekly meetings. In July, we launched government-wide biweekly meetings 
on FITARA to act as forums for discussion and collaboration for implementing 
FITAICA-related requirements. 

o Management.cio.gov, We will soon re-launch management.cio.gov to serve as a 
living central location for tools and resources to support agencies, and to provide 
additional means for collaboration and communication across government. 
Anyone can contribute content to this site. 

• Develop Strategic Partnerships: OMB is collaborating with the CIO Council, General 
Services Administration (GSA), and other organizations to facilitate knowledge sharing 
across the Federal enterprise. For example, the CIO Council is partnering with GSA’s 
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Office of Government-wide Policy (OGP) to assist in facilitating FITARA 
implementation. In this role, OGP is working with CIOs and OMB to identify and 
document best practices that can be leveraged to create reusable tools — such as case 
studies, frameworks, and reports — to support agency implementation. Additionally, the 
American Council for Technology and Industry Advisory Council (ACT-IAC) has 
worked with more than 50 experienced executives and analysts from government and 
industry to create a FITAITA maturity model’ to help agencies assess their progress 
against FITARA standards and develop basic best practices for IT management 
governance. 

• Enable Consistent and Transparent Oversight: As required in our guidance, each agency 
must post their implementation plan, a directory of IT leaders, a list of all governance 
boards that include the CIO, and a library of their IT policies on their public w'ebsite. This 
enables OMB, Inspectors General, Congress, and GAO to conduct consistent oversight 
and follow-up. Additionally, as part of the refreshed management.cio.gov site, we will 
soon launch a public-facing FITARA Dashboard to track progress of agency 
implementation, 

IT Acquisition 

Finally, I want to highlight the work that my office is doing in partnership with the OMB Office 
of Federal Procurement Policy that leverages FITARA to help address complex Federal 
acquisitions challenges. Together, we have taken a number of steps to better align agencies’ IT 
and acquisition functions and drive enterprise-wide IT strategies. 

Just a few weeks ago, OMB issued M- 16-02, Category Management Policy 15-1: Improving the 
Acquisition and Management oj Common Information Technology: Laptops and Desktops. This 
memo is the first of a series of policies directing agencies to take new steps to improve the 
acquisition of common IT goods and services to drive better performance and efficiencies. This 
policy prohibits the creation of new' contract vehicles for workstations, mandates the use of 
standard configurations and government-wide acquisition vehicles, and requires improved 
management practices to optimize price and performance. As a result, the Federal Government is 
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better able to act as a single buyer to achieve greater cost savings through smarter and more 
strategic buying. 0MB is developing additional IT acquisition policies, including those for 
government-wide software purchasing, as required by FITARA. 

I thank the Subcommittees for holding this hearing, and for j'our commitment to ensuring 
successful implementation of FITARA. 1 would be pleased to answ'er any questions you may 
have. 
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Mr. Hurd. Thank you, Mr. Scott. 

Mr. Bhagowalia, you are recognized for 5 minutes for your open- 
ing statement. 

STATEMENT OF SANJEEV “SONNY” BHAGOWALIA 

Mr. Bhagowalia. Thank you, Mr. Chair. 

Chairman Hurd, Ranking Member Kelly, Chairman Meadows, 
Ranking Member Connolly, Chairman Chaffetz, and members of 
the subcommittees, thank you for the opportunity to testify today 
on the Department of Treasury’s approach to the Federal Informa- 
tion Technology Acquisition Reform Act, or FITARA. 

I will focus on how our evolving Office of the Chief Information 
Officer practices have laid a strong foundation for the implementa- 
tion of FITARA. I also acknowledge there is much work to do. I will 
highlight some of these practices, including the roles of the OCIO 
in managing the Treasury Department’s information technology, 
IT, and information resource management portfolio, and the gov- 
ernance structure that has Department has in place to ensure 
sound IT/IRM decisionmaking and delivery. 

The three top OCIO management priorities for the Department 
of Treasury are cybersecurity, making improvements to the IT/IRM 
operations, and implementation of FITARA. 

Treasury works each day to deliver the diverse mission of the 
Department both securely and reliably and to build upon what we 
think is a strong foundation that positions the Department for fur- 
ther successes in the future. 

Treasury supports an important financial mission for our coun- 
try. Treasury is comprised of departmental offices and bureaus of 
wide-ranging size with varying technology needs and complexities 
and a number of different funding sources. 

The Treasury CIO is accountable for meeting the IT/IRM needs 
of the departmental offices, with special attention to advancing the 
enterprise-wide objectives. Responsibility for IT/IRM management 
is shared among the Treasury CIO and bureau-level CIOs, who 
focus on the unique mission and needs of the individual organiza- 
tions. 

Treasury is fully dedicated to implementing FITARA in accord- 
ance with OMB’s guidelines and the Department’s needs. Our self- 
assessment against the common baseline established by 0MB dem- 
onstrates that we have a number of practices already in place but 
that many of these need to be formalized through policy. And we 
acknowledge that there are many areas that still need to improve. 

Treasury’s focus is sustainability, which means integrating the 
goals of FITARA into existing processes to ensure efficiencies can 
last over time. 

The existing IT/IRM lifecycle is built upon GAO and OMB’s best- 
practice framework of architect, invest, implement, and operate, 
with cybersecurity built in throughout the lifecycle. Treasury uses 
this framework to further policy and process development and in- 
cludes consistent practices in the following five areas: 

Number one, governance. The Department has a GAO-recognized 
best-practice approach to efficient and effective review of its IT/ 
IRM investments. Each bureau reports execution data to the De- 
partment monthly. Treasury then reviews all investments with 
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month-to-month performance issues in project execution and con- 
ducts a detailed program review called TechStat on select invest- 
ments. In addition, the Department CIO conducts quarterly per- 
formance reviews with each bureau and participates in quarterly 
PortfolioStat reviews with 0MB. 

Number two, budget formulation and planning. The Department 
CIO actually annually reviews all bureau IT/IRM plans and partici- 
pates in full bureau budget reviews. The Treasury CIO counsel also 
select a group of enterprise-wide initiatives to be executed jointly. 
Efficiencies, such as those gained through data center consolida- 
tion, have allowed Treasury to begin to shift more spending to de- 
velopment and modernization and enhancement, DM&E, efforts. 

Number three, acquisition and execution. The Senior Procure- 
ment Executive, SPE, and the CIO have worked collaboratively to 
conduct a joint review of department offices’ IT/IRM procurements 
as well as select acquisitions of major enterprise programs. Treas- 
ury is also developing a department-wide procurement strategy and 
governance program to ensure enterprise-wide oversight and to le- 
verage economies of scale in procuring commodity IT/IRM where 
possible. 

Number four, in workforce and organization. The Treasury CIO 
has input into bureau CIO selections, places performance objectives 
in bureau CIO annual performance plans, and contributes to bu- 
reau CIO evaluations. 

Number five, project management. Beginning in fiscal year 2015, 
Treasury OCIO launched two initiatives to improve project man- 
agement oversight and practice: number one, develop a new enter- 
prise-wide lifecycle management program; and, two, a revised pro- 
gram management approach to better leverage agile development 
methods. 

Per OMB’s recent PortfolioStat review we just received. Treasury 
has made significant progress in shifting towards a more agile de- 
velopment approach, but work remains. 

In conclusion, while Treasury has a strong foundation on which 
to successfully implement FITARA, we acknowledge there is still 
work to do. The Department is committed to fully implementing 
FITARA and looks forward to working with 0MB, GAO, and the 
Congress in this endeavor. 

Thank you for your support for FITARA, a key initiative which 
will improve public stewardship. I appreciate this opportunity to 
testify today, and I’ll be glad to answer any questions you may 
have. 

[Prepared statement of Mr. Bhagowalia follows:] 
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Testimony of Sanjeev “Sonny” Bhagowalia 
Deputy Assistant Secretary for Information Systems and Chief Information Officer 
Unites States Department of the Treasury 
Before the Subcommittees on 

Information Technology and Government Operations of the 
Committee on Oversight and Government Reform 
United States House of Representatives 


Introduction 

Chairman Hurd, Ranking Member Kelly, Chairman Meadows, Ranking Member Connolly, 
and Members of the Subcommittees, thank you for the opportunity to testify today on the 
Department of the Treasury’s approach to the Federal Information Technology Acquisition 
Reform Act, or FITARA. 

In the following remarks, I will focus on how our evolving Office of the Chief Information 
Officer (OCIO) practices has laid a strong foundation for the implementation of FITARA. 1 
will highlight some of these practices, including the roles and responsibilities of the OCIO in 
managing the Treasury Department’s Information Technology (IT)/Information Resource 
Management (IRM) portfolio, and more specifically the governance structure the Department 
has in place, working with our bureaus, to ensure sound IT/IRM decision-making and 
delivery. 

The three top OCIO management priorities of the Department of the Treasury are: 
eybersecurity, making improvements in IT/lRM Operations, and implementation of 
FITARA. Treasury works each day to deliver the diverse mission of the Department both 
securely and reliably, and to build on what we think is a very strong foundation that positions 
the Department for further success in the future. 

1 can say, having arrived as the Treasury CIO just a year ago, that senior Departmental 
leadership and technology professionals throughout the Treasury Department have a strong 
commitment to FITARA, exemplified in part by an unwavering focus on IT/IRM 
governance. Treasury gains efficiencies across the Department from a .successful IT/IRM 
program focused on improvements. 


The Treasury Environment 

As you know. Treasury supports an important financial mission for our country and is a 
large, diverse enterprise with many locations. The mission of the Treasury Department is to 
maintain a strong economy, create economic and Job opportunities by promoting conditions 
that enable economic growth and stability at home and abroad, strengthen national security 
by combating threats and protecting the integrity of the financial system, and manage the 
U.S. Government’s finances and resources effectively. Treasury is comprised of 
Departmental Offices and bureaus of wide-ranging size, with varying technology needs and 
complexities and a number of different funding sources. 

I 
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The Treasury CIO is accountable for meeting the IT/IRM needs of the Departmental Offices, 
and actively oversees Bureau !T/iRM activities, with special attention to advancing 
enterprise-wide objectives. Responsibility for IT/lRM management is shared among the 
Treasury CIO and Bureau-level CIOs, who focus on the unique mission and needs of their 
individual organizations. 

Accountability ultimately rests at the Department level. Since the Treasury mission is broad 
and its IT/IRM portfolio complex. Treasury's governance/oversight model has worked well 
and allows for robust governance practices and collaborative mechanisms to facilitate the 
Treasury CIO's significant involvement in technology-related budget, procurement and 
workforce matters. 


Treasury’s Approach 

Treasury is fully dedicated to implementing FITARA in accordance w'ith OMB’s guidelines 
and the Department’s needs. Our self-asscssmcnt against the common baseline established 
by OMB demonstrates that we have a number of practices already in place, but that many of 
these need to be formalized through policy, and we acknowledge that there are areas in which 
we still need to improve. Treasury’s focus is sustainability, which means integrating the 
goals of FITARA into existing processes to reduce redundancies and ensure efficiencies can 
last over time. 

Treasury has a long history of managing IT/IRM across the Department in a collaborative 
way that leverages coordinated action on commodity technology areas such as finance and 
budget, procurement, and human capital management, while largely delegating decision 
making on mission specific IT/IRM to the bureaus. In addition, all units in the Department 
share cyber security information regularly and work together as a single unit whenever 
possible. This approach allows Treasury to take advantage of economies of scale in common 
areas while leveraging bureau expertise when making specific mission and strategy IT/IRM 
decisions. 


The Treasury CIO Council, chaired by the Department CIO and meeting monthly, is a 
governance body that oversees the entire IT/IRM portfolio with a special emphasis on shared 
and enterprise-wide services, and cyber security. This approach worked very W'ell during the 
FY 2015 Cyber Sprint and helped set the Department’s consolidated strategy for 
implementation of the Administration’s Cyber Security Implementation Plan (CSIP). 


The Treasury Foundation 

The existing IT/IRM lifecycle is built-upon a Government Accountability Office 
(GAO)/Office of Management and Budget (OMB) best practice framework of “Architect, 
Invest, Implement and Operate and Maintain” with cybersecurity built-in throughout the 
lifecycle. Treasury uses this framework to further policy and process development in a 
continuous improvement approach, and includes consistent practices in the following areas: 
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1 . Governance: Through the IT/IRM Capital Planning and Investment Control (CPlC) 
program the Department has a GAO recognized, best-practice approach to efficient and 
effective review of its IT/IRM investments. Each bureau reports execution data to the 
Department monthly, including project status on their major IT/lRM investments and 
operational metrics on systems in use. Treasury then reviews all investments with 
month-to-month performance issues in project execution, including cost, schedule, 
operation metrics, and risk, and conducts a detailed program review (TechStat) on 
selected investments. The.se reviews attempt to identify project or program issues and 
mitigate risks before they become real problems. This active regimen also helps the 
Treasury CIO to develop accurate risk ratings for the IT Dashboard based on data 
provided by bureaus and offices, corroborated by OCIO staff and reviewed with OMB. 

In addition, the Department CIO conducts quarterly performance review's w'ith each 
bureau that covers its entire IT/lRM portfolio of projects and systems, and participates in 
quarterly PortfolioStat reviews with OMB. 

2. Budget Formulation and Planning: The Department CIO annually reviews all bureau 
IT/IRM program plans and participates in full bureau budget reviews. The Treasury CIO 
Council also selects a group of enterprLse-wide initiatives to be executed jointly. This 
helps ensure that IT/IRM investments meet mission needs while enabling Treasury to 
identify opportunities for cross-Department collaboration and cost sharing. Other 
efficiencies, such as those gained through data center consolidation, have allowed 
Treasury to begin to shift more spending from legacy IT/lRM Operations and 
Maintenance (O&M) to Development, Modernization and Enhancement (DME) efforts, 
This has increased the proportion of new DME as part of the total portfolio from 1 9% in 
Fiscal Year (FY) 201 1 lo 24% in FY 2016. 

3. Acquisition and Execution: The Senior Procurement Executive (SPE) and the CIO 
have been working collaboratively to conduct a joint review of ail Departmental OfTiccs 
nviRM procurements as well as all acquisitions of major enterprise programs The SPE 
and CIO will be extending this review across the enterprise in a phased, incremental 
manner. Treasury is also developing a Department-wide procurement strategy and 
governance program to ensure enterprise-wide oversight and to leverage economies of 
scale in procuring commodity IT/lRM. This is in support of OMB guidance for 
developing a strong IT/IRM acquisition and procurement program. 

4. Workforce and Organization: The Treasury CIO has input into Bureau CIO selections, 
places performance objectives in Bureau CIO annual performance plans, and contributes 
to bureau CIO evaluations. The Treasury CIO participates in the HR Council and works 
with the Chief Human Capital Officer to review and assess IT staff competencies and 
skills to ensure the Departments IT/IRM w'orkforce can respond to rapidly evolving needs 
and requirements to accomplish our mission. 

5. Project Management: Through the CIO Council, Treasury has effectively shared 
program and project management best practices across the Department and uses this 
information for continuous process improvement. Beginning in FY 15, Treasury OCIO 
launched two initiatives to improve Project Management (PM) oversight and practice: 
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(a) develop a new enterprise-wide life cycle management (LCM) program, and (b) a 
revised PM approach to better leverage agile development methods. Per OMB’s recent 
PortfolioStat review, Treasury has made significant progress in shifting toward a more 
agile development approach, reducing average planned days to deliver from 
approximately 240 days in FY 201 1 to less than 100 days. An extension of this agile 
approach across more enterprise programs is planned. In addition, the CIO and the SPE 
are working to develop a Department-wide Federal Acquisition Certification for Project- 
Program Managers, 


Conclusion 

While Treasury has a strong foundation on which to successfully implement FITARA, there 
is .still work to do. The Department is committed to fully implementing FITARA, and looks 
forward to working with 0MB, the GAO and the Congress in this endeavor. Thank you for 
your support of FITARA, which will help improve public stewardship. 1 appreciate this 
opportunity to testify today and 1 will be glad to answer any questions you may have. 
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Mr. Meadows. Thank you so much. 

Mr. McKinney, you are recognized for 5 minutes. 

STATEMENT OF RICHARD MCKINNEY 

Mr. McKinney. Thank you, sir. 

Chairman Hurd, Ranking Member Kelly, Chairman Meadows, 
Ranking Member Connolly, members of the subcommittee, I want 
to begin by thanking you for the opportunity to appear today to dis- 
cuss dot’s implementation of FITARA. 

I would also like to thank both this committee and your prede- 
cessors for having the foresight to recognize the critical importance 
of clarifying and strengthening the role of Chief Information Offi- 
cer. FITARA provides both the accountability and the authority 
that is required for a CIO in an IT organization to be successful. 

I believe this landmark legislation must be used as the founda- 
tion for the complete transformation in the way the Federal Gov- 
ernment builds, buys, manages, and secures information tech- 
nology. And I think you have very wisely given us FITARA at an 
extremely critical juncture. Let me explain why. 

I began my IT career in 1985, just as governments were eagerly 
moving away from the centralized, one-size-fits-all model char- 
acteristic of the early mainframe days. This rapid decentralization 
continued through the 1990s, but, increasingly, this patchwork 
quilt of disconnected IT silos and disparate technologies began to 
reveal its weakness as we moved into the connected age of the 
Internet. 

And governments at all levels across this country have struggled 
with how to unwind this mess that we have allowed to build up 
over the past 30 years. Tearing down the silos is not an easy thing 
to do. We all understand how the status quo has a lot of inertia, 
and so it is at DOT. 

I was appointed CIO at DOT a little over 2 years ago, and I im- 
mediately recognized this all-too-familiar scenario. I began by hav- 
ing a frank and honest conversation with both the departmental 
leadership and the operating administrations about the challenges 
that we faced. 

I could tell that everyone recognized that what I was saying was 
true. But I also understood that in order to lead them through a 
difficult transformation that we first had to strengthen the office 
of the CIO. I wish I could tell you that this process was quick and 
easy to do, but it wasn’t. But after more than a year of hiring, reor- 
ganizing, and improving service delivery, the Department’s con- 
fidence in our office quickly improved. 

And why is that important? It is precisely because we have to 
make such a radical and difficult turn, abandoning the decentral- 
ized approach and moving toward a strong and secure enterprise 
shared-services approach. This shared-services model should man- 
age the 60 to 70 percent of our current IT landscape that is com- 
modity IT: the networks, servers, storage, desktop, help desk, mes- 
saging service, all the enterprise services that can be provided as 
a centralized utility and a well-managed mixture of both cloud and 
locally hosted services. 

This balanced approach would leave the mission-specific solu- 
tions to be managed at the component level and specifically aligned 
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to their unique business needs. And with the cost sprawl of decen- 
tralized infrastructure contained, we would free more resources to 
improve the applications that help us achieve our mission goals. 

There is even one more more compelling reason to make this rad- 
ical change, and that is security. In our current decentralized 
model, visibility across our network is inconsistent, lines of defense 
are often less than clear, and coordination effectiveness of our secu- 
rity efforts are severely impacted. 

Even if we managed a perfectly architected IT infrastructure, se- 
curing that infrastructure against our enemies would still be a very 
difficult task, but that should be our singular goal. We must create 
a new construct that is secure by design, one where security is 
built in and not bolted on. 

So how do we begin to use the three foundational authorities of 
FITARA — namely, HR, budget, and acquisition approval — that you 
have wisely laid out in this legislation? 

I’m sure we can all agree that, in order to chart a course to 
where you want to go, you must begin by understanding where you 
are. I have been frustrated by the lack of good data, both technical 
and financial, that we have to measure our IT spend and perform- 
ance. Just as our physical IT has been siloed, so has our data. 

For too long, my office has been merely an aggregator of compo- 
nent data, data that we report to GAO and 0MB, only to find out 
later that the taxonomy and structure varies from one OA to the 
next. So one of our first steps is teaming with the CFO office and 
asking the operating administrations to join us in building a new 
taxonomy that consistently and accurately identifies and quantifies 
our IT spent. You can’t manage what you can’t measure. 

Let me close with this. I want you to know that I am totally dedi- 
cated to ensuring that the rollout of these important authorities is 
done as quickly and as successfully as I know how to do. I believe 
that we have to approach FITARA as if it were our last chance to 
get this right. 

Again, thank you for FITARA. Thank you for this opportunity to 
testify. And I look forward to answering whatever questions you 
might have. 

[Prepared statement of Mr. McKinney follows:] 
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Thank you for the invitation to appear before you today to discuss the Department of 
Fransportation’s (DOT) implementation of the Federal Information Technology Acquisition 
Reform Act (FiTARA). I would also like to thank the committee and your predecessors for 
tasking agencies with strengthening the role of the Chief Infonnation Officer (CIO). FITARA 
provides both the necessary accountability and authority to be a successful CIO. 1 would like to 
share with you today where DOT is in the process of implementing this important legislation. 

1 came to DO T a little over two years ago after having worked in Information Technology (IT) in 
the state and local government environment for over 28 years. When 1 arrived at DOT, 1 
recognized a very familiar siuiation. Like most State and local governments, the Federal 
government is extremely federated and decentralized. T his is the same situation I was confronted 
with from 1999-2005 when 1 served as the CIO of the city of Nashville, TN. I immediately 
recognized the challenge the Department faced, and I had a number of ideas for how we could 
respond. 

Throughout my career, 1 have seen the IT field struggle with centralization of IT resources. In 
the late 1 970s and early 1 980s, 1 witnessed the impact of attempting to centralize all IT. Then, 1 
watched IT struggle through the decentralized model that emerged in the 1990s. I am convinced 
our challenge as CIOs is to the find the right balance between those two extremes. 

In order to find the right balance, we must convince organizations to create a strong, enterprise 
shared services environment. This shared services model should manage the 60-70 percent of 
our current ff landscape that is commodity I f, and sendees should be provided as a utility to 
each of the business units. 

If you study closely the IT investments DOT has been making over the past 1 0 years, the 
Operations and Maintenance (or O&M) costs are going up. Conversely, the investments in 
modernization are on the decline. I his is an unsustainable course to be on. Striking the right 
balance for centralization will not only strengthen operational ff as an enterprise service, but it 



will also drive down the cost of providing these commodity IT services. Gaining efficiency in 
O&M means more resources can be redirected to modernization and improving the way DOT 
achieves mission goals through IT. That is the balance point we need to find. 

As the Departmental CIO, I am responsible for creating an enterprise IT shared services 
organization worthy of the business of the components, one that DOT’S Operating 
Administrations (OAs) can confidently trust to be the foundation of their unique mission 
solutions. The OAs must also have confidence that the shared services organization is focused 
on continued improvement and optimization to reduce costs. 

Centralization doesn’t only provide financial benefits. It’s also required to ensure we are doing 
all we can to meet the security threats we face. Even if we managed a perfectly constructed i f 
infrastructure, securing against our enemies would be difficult. In a decentralized model, where 
visibility is inconsistent across the enterprise, we do not stand a chance of meeting the attacks we 
face every day. Nothing short of re- imagining and re-architecting our IT infrastructure will 
position us to respond adequately. We must create an architecture at DOT that is secure by 
design. 

Meeting these challenges around security and efficiency begins with a good governance model. 
Re-architecting the way we manage IT tltrough a strong, centralized IT shared services mode! 
requires not only adept CIOs at the Department level, but we also must have knowledgeable 
CIOs at the business unit level. Managing commodity IT as a shared service will allow CIOs at 
the OA level to apply a renewed focus on using IT to advance the mission of the business. 

FI TAIGV provides the tools we need to complete this transformation in how we manage IT. As 
the lead CIO on the ITTARA executive working group, I joined several colleagues from DOT in 
helping to shape the implementation strategy and guidance. DO'f had the best representation on 
the working group; our Departmental Budget Officer as well as the Chief Human Capital Officer 
(CHOC) for the Department joined me. We also worked closely with our Senior Procurement 
Executive (SPE) as the guidance was developed. 

Through this coordination, the relationship between my office and the Office of Budget and 
Programs, SPE, and HR has strengthened. In this age where IT is embedded in everything we 
do, it is imperative that our four offices work together, IT is no longer just the business of the 
Office of the CIO (OCIO), Rather, I'l’ is everybody’s business. The unity in our approach was 
recognized across the Department. We did not have any debates about whether we w'ere going to 
implement FI TARA; all discussions were around how to implement FM'ARA. 

Participating in the interagency working group gave DOT a running start on FITARA 
implementation. We formed two working groups made up of representatives from across the 
Department. This process ensured everyone had a voice through the process, and it gave us an 
opportunity to work out any issues before finalizing the DOT implementation plan. Every OA 
participated as my office walked through the components of 0MB ’s guidance and helped draft 
DO T’S response to the three pillars of FfTARA: HR, Budget, and Purchasing. 
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DO T is taking a transformative approach to the HR authorities contained in FI TARA, focusing 
on redefining the role of the CIOs at the component level. The current DOT model is 
inconsistent and does not provide the necessary visibility into mission and business goals. In 
many cases, the CIO position at the OAs is a “dual-hatted” responsibility, where the CIO holds 
multiple roles and responsibilities. These additional roles are unrelated to IT. Together with the 
Office of Human Resources, my office is reviewing all positions that hold the CIO title. DO T 
will move to an updated model that includes full-time, single-hatted, dedicated CIOs whose sole 
responsibility is to make sure technology aligns with and amplifies critical business needs. In an 
agency as large as DOT, with as many business units as we have, one of the key ingredients to 
good rr is a strong IT governance model. At an enterprise level, we must form a council of 
CIOs who represent individual OAs and come together to implement strategies for the good of 
the entire Department. 

While the Budget authority contained in FITARA is a simple concept to understand, it is more 
complicated to put into practice. As part of the FY 201 7 budget formulation process, for the first 
time, my office and the Office of Budget and Programs held joint meetings with the OAs to 
better understand how current and planned IT resources support modal program objectives, 
review proposed increases and decreases in IT resources, and to approve IT budget requests. We 
continue to instill rigor and ensure greater visibility to improve planning, identify cost savings 
opportunities and deliver IT projects within established cost, schedule and performance 
parameters. My office completes a monthly IT Dashboard update to assess risk. As part of this 
review, we provide a summary of findings and recommendations associated with the DO'F IT 
Portfolio. This includes continuing to assess and implement the agile development methodology 
where it is appropriate. While we are pleased with the progress we have made to date, 
significant work lies tthead. 

In our current structure, it is very difficult for the business units to determine with any exactitude 
what they spend on M'. Our initial insights teli us IT budgets are decentraiiited and woven ail the 
way down to the program level. Further, IT spending is not accounted for in a uniform way. 

This is a major challenge, so OCIO and the Office of Budget and Programs are working jointly 
to form a tiger team that will work with each OA to extract the fl' portions of their budget. This 
initiative will produce an as-is. enterprise view into the IT landscape at DOT, This snapshot will 
help us understand exactly how we are spending our IT dollars. Even more importantly, we will 
use this information to begin to map out the future environment. Having a true understanding of 
the current environment will allow us to make smarter decisions about how we budget for I T in 
the future. 

A true picture into our fl' spend also opens the door to IT acquisition reform. To this end, my 
office is working with Contracting Offices from across the Department to identify the best way 
to achieve a belter outcome through purchasing. As technologists, we cannot fault acquisition 
professionals for failing to fully understand the technical ramifications of individual purchases 
without providing a broad view, h is our responsibility to communicate our goals, vision, and 
strategy for the future of IT and to work together closely to be sure IT acquisitions support our 
objective. 
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I'hcre are concerns that this kind of coordination could slow dovsTi the procurement process, but 
think it actually presents an opportunity for gaming efficiencies. First, acquiring I f in a siloed 
miuiner creates a heavy workload throughout the procurement offices across the Department. 
Secondly, standards and foundational models at an enterprise level can act as a reference 
throughout the acquisition process. Enterprise Architecture, for example, is a tool that can be 
leveraged to ensure all purchases are mapped to the plans and goals at the component level. 

Through the implementation of the authorities contained in J'l'l'ARA, CIOs will also be more 
accountable for govemment-wide goals. The Federal Data Center Consolidation Initiative 
(FDCCI) is an exmiiple of this. For FDCCI to be successful, we must fully understand our 
current environment as well as the projected future state. A comprehensive inventory and 
enterprise strategy is the first step to the efficient management of the infrastructure layer of the 
Department. Refomiing HR, Budget, and Procurement is the only way to effectively achieve 
tho.se goals. 

Thank you again for the invitation to appear before you today on behalf of DO F to discuss our 
implementation of FI TARA. The CIO community thanks you. We appreciate the trust you’ve 
put in us. We understand you expect to hold us accountable. Thank you for giving us tliis 
important responsibility. I will be pleased to answer any questions you may have. 
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Mr. Meadows. Thank you, Mr. McKinney, for your insightful tes- 
timony. Please give my personal regards to the Secretary, if you 
would. 

Mr. McKinney. Yes, sir, I will do that. 

Mr. Meadows. And, Mr. Shive, you are recognized for 5 minutes. 

STATEMENT OF DAVID SHIVE 

Mr. Shive. Thank you, Mr. Chairman. 

Good afternoon. Chairman Meadows, Ranking Members Kelly 
and Connolly, and members of the subcommittees. 

Mr. Meadows. If you could bring that mic a little bit closer to 
you there. 

Mr. Shive. How’s that? 

Mr. Meadows. All right. That is better. 

Mr. Shive. Great. 

Thank you for inviting me to testify before you regarding GSA’s 
implementation of the Federal Information Technology Acquisition 
Reform Act. GSA appreciates this committee’s oversight of this im- 
portant issue and the importance of addressing the high-risk areas 
outlined by the Government Accountability Office in its assess- 
ment. 

Today, I would like to highlight GSA’s efforts towards imple- 
menting the common baseline of FITARA. These efforts address a 
variety of activities, from centralizing IT management to the opti- 
mization of data centers, all of which are helping us to move closer 
to successfully complying with the requirements of FITARA. 

Three years ago, GSA conducted a top-to-bottom review of the 
agency and, as a result of that, consolidated IT management under 
the CIO and put effective management controls in place to cen- 
tralize our IT spending. Since this consolidation, GSA has improved 
IT acquisition and security, and we are implementing additional re- 
forms, many of which were directed by FITARA. 

For example, as GSA’s CIO, I oversee and regularly participate 
in the governance of operations and delivery of IT services for the 
entire agency. All instructional letters, policy directives, and formal 
guidance are published under my signature, and all initiatives with 
an IT component are reviewed by me or my delegates. This is made 
possible through my representation on governance boards around 
the agency, such as our Investment Review Board, and through our 
agency’s IT management processes. 

GSA’s consolidation efforts also helped my office gain visibility 
into GSA-wide IT spending and investments. From fiscal years 
2013 to 2015, GSA IT reduced its budget by 17 percent. This is in 
part due to the fact that, since our consolidation, I am intimately 
involved with the review, management, and oversight of IT expend- 
itures, from the initial budget request to the execution and comple- 
tion of each project. 

To achieve this, my office conducts high-risk investment reviews, 
project health checks, benefits realization, application rationaliza- 
tion, and we authorize reprogramming of funds and rebaselining of 
IT investments. All of these help with ensuring that, as CIO, I 
have a role in investment and project management oversight, 
which are primary goals of FITARA. 
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Additionally, to ensure that IT investments within various GSA 
divisions are aligned with the long-term IT vision of the agency, my 
office collaborates with the various business lines within GSA to 
provide guidance and support. The IT executives supporting these 
offices report directly to me and formulate technology solutions and 
manage IT investments with clear understanding of GSA IT enter- 
prise management requirements and clear direction from the CIO. 

Another initiative that has been central to reducing our costs and 
is part of the requirements necessary for agencies to properly im- 
plement FITARA are our activities surrounding the Federal Data 
Center Consolidation Initiative. As a part of FDCCI, GSA IT has 
reduced its overall number of data centers by 65 percent and con- 
solidated their functionality to the agency’s core data centers. This 
consolidation has saved or avoided costs totaling approximately $29 
million from fiscal year 2012 through 2014. 

Currently, GSA operates three core data centers as well as mul- 
tiple regional data centers. GSA IT’s future goal is to consolidate 
all core data centers and regional data centers into three primary 
data centers. 

Through consolidation and by driving efficiency into the GSA- 
computing enterprise, GSA has increased the usability of our sys- 
tems, eliminated duplicative processes, eliminated duplicative sys- 
tems and applications, and standardized our processes using indus- 
try best practices and solutions. 

While GSA has made significant progress in implementing the 
key components of FITARA, there is still more work to be done. As 
GSA moves forward with FITARA implementation, I will continue 
to work with GSA senior agencies officials, 0MB, my peer Federal 
agency CIOs, and members of this committee to ensure that GSA 
is effectively implementing FITARA to reduce costs and increase 
the value of our IT acquisitions. 

I thank the subcommittees for the opportunity to testify today 
and look forward to answering any of your questions. 

[Prepared statement of Mr. Shive follows:] 
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Good morning Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, 
and members of the Subcommittees. My name is David Shive, and I am the Chief 
Information Officer (CIO) of the U.S. General Services Administration (GSA). Thank you 
for inviting me to testify before you regarding GSA's implementation of the Federal 
information Technology Acquisition Reform Act (FITARA), GSA appreciates this 
Committee’s oversight of this important issue, and the importance of addressing the 
high risk areas outlined by GAO in its assessment. 


IMPLEMENTATION TO DATE 

GSA’s FITARA implementation plan addresses: consolidation of information technology 
(IT) management; visibility of IT spending and investment; data center consolidation; 
enterprise-wide planning; IT vendor spending optimization; and improved software 
acquisition. 

Consolidation of iT Management 

As a result of the agency’s Top to Bottom Review in 2012, GSA consolidated IT 
management under the CIO, and put effective management controls in place to 
centralize our IT spending. Since adopting this structure three years ago, GSA has 
improved IT acquisition and security, and we are implementing additional reforms, many 
of which were directed by FITARA. 

GSA’s IT consolidation anticipated some of the requirements of FITARA, especially 
around empowering the CIO. For example, as GSA’s CIO, I oversee and regularly 
participate in the governance of operations and delivery of IT services for the entire 
agency. All instructional letters, policy directives, and formal guidance are published 
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under my signature, and all initiatives with an IT component are reviewed by my office. 
This is made possible through the CIO's representation on governance boards around 
the agency, such as the Investment Review Board (IRB), and through the agency’s IT 
management processes. 

The offices of the Chief Financial Officer (CFO) and CIO work together to streamline 
and integrate budget and pre-budget processes, develop GSA budgets, and create 
executive business case guidance and templates. While I am exclusively responsible for 
IT resourcing and management, I also work to review and validate non-IT requests, 
helping to monitor and manage potential impacts to the IT portfolio. 

Visibility of IT Spending and Investment 

GSA's consolidation efforts also helped the office of the CIO gain visibility into GSA- 
wide IT spending and investments. From fiscal years (FY) 2013 to 2015, GSA IT 
reduced its budget by 17 percent. Given the size and scope of the multi-billion dollar 
federal IT Portfolio, it is critical to maintain a focus on the health of IT investments 
across the government. Within the well-established GSA governance process, GSA IT 
has adopted a proactive process that combines actively monitoring project performance 
through regular in-process reviews, known as project health checks, and monthly high 
risk assessments. 

As CIO, my office is intimately involved with the review, management, and oversight of 
IT expenditures from the initial budget request to execution and completion of each 
project. This is achieved through high risk investment reviews, project health checks, 
benefits realization, application rationalization, and authorizing reprogramming of funds 
and re-baselining of investments within the IT budget. The goal of this process is to 
synthesize investment management and project management oversight. For example, 
monthly project health checks assess major IT initiative performance and risk 
management via a review of the information contained in the monthly control reports for 
all GSA major IT Investments and GSA's project management information system. To 
identify any investments that are or may become "at risk," my office conducts monthly 
high risk assessments to resolve issues in a timely manner. 

Data Center Consolidation 

Data center consolidation is central to our strategy to reduce our IT costs, and has 
benefitted from the consolidation of all IT employees, processes, technologies, and 
budgets under the GSA CIO. As part of the Office of Management and Budget (0MB) 
Federal Data Center Consolidation Initiative (FDCCI), GSA IT has reduced its overall 
number of data centers and consolidated their functionality to the agency’s core data 
centers. This consolidation has saved or avoided costs totaling approximately $29 
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million between FY 2012 and FY 2015', For example, GSA migrated and consolidated 
the Bannister Data Center to the NASA Shared Services Center (NSSC) (located at 
Stennis Space Center) and reduced floor space by more than 50 percent. Currently, 
GSA has three core data centers, as well as multiple regional data centers. The future 
goal of GSA IT is to consolidate all core and regional data centers into just three primary 
data centers. 

Enterprise-wide Planning 

To ensure that IT investments within various GSA divisions, such as the Public 
Buildings Service (PBS) and the Federal Acquisition Service (FAS), are aligned with the 
long-term IT vision of the agency, my office collaborates with these and other offices to 
provide guidance and support. The IT executives supporting these offices report 
directly to the GSA CIO and formulate technology solutions and manage IT investments 
with clear understanding of GSA IT enterprise management requirements and clear 
direction from the CIO. Through the executive business case process, GSA’s 
enterprise governance program advisory boards and the IRB review investment 
requests that exceed $500,000. GSA’s Deputy Administrator, CFO, CIO, Chief 
Acquisition Officer (CAO), and business line commissioners are members of the IRB 
and contribute to this review process. In addition, GSA is working to establish criteria 
and initiate programs to identify and develop an IT cadre within the agency. 

Optimizing IT Vendor Spending 

To identify opportunities to reduce the cost and number of IT contracts, GSA has 
established an IT Vendor Management Office (VMO) to maintain a centralized view of 
IT spending. One function of the IT VMO is to establish a process to classify all IT 
vendors as strategic, critical, standard, or sustaining, and develop an evolving portfolio 
of strategic vendors supporting critical, key integrated IT requirements and functions. 
Additionally, the IT VMO evaluates new, emerging, and innovative vendor capabilities. 
This effort helps to identify opportunities to consolidate or eliminate duplicative 
technologies and contracts resulting in more efficient enterprise solutions for the 
agency, while continuing to support opportunities for small and disadvantaged 
businesses. From FY 2014 to FY 2015, consolidation efforts have resulted in 
approximately $5.5 million in a combination of cost savings and cost avoidance. 

Acquisition of Software 

To improve the way the government purchases, maintains, and manages software, 
FITARA requires GSA, in collaboration with OMB, to expand strategic sourcing 
initiatives to include software, clearing the way for government-wide enterprise licensing 


' OMB Quarterly Report to Congress: Information Technology Oversight and Reform, October 2015 


3 



33 


agreements.^ Currently, software licensing terms and conditions vary not only from 
agency to agency, but even within agencies. Varied purchase methods and limited 
visibility on pricing and terms create inefficiencies across government. To address this 
problem, GSA has included software in its Category Management initiative. Category 
Management allows the Federal government to buy as a single entity, and enables 
better understanding of buying trends and cost drivers, and encourages identification of 
new innovations and emerging companies. 

As part of this effort, 0MB, GSA, and the Department of Defense (DOD) created an 
enterprise software category team (ESCT) to reduce the wasteful and redundant 
purchasing of licenses. The ESCT is leading efforts to improve management of common 
spending by capturing prices paid data, establishing standard terms and conditions on 
license agreements, standardizing end user license agreements (EULAs), and 
establishing government-wide enterprise license agreements and contracts. 

The ESCT meets weekly to discuss specific initiatives and potential issues and 
challenges. This entails working across the federal government to understand how 
agencies are purchasing software today and the challenges facing agencies in 
developing requirements and purchasing and managing licenses. The ESCT identifies 
strategies that agencies can use to evolve purchasing behavior into an enterprise-wide 
approach. 


NEXT STEPS 

In an effort to drive transparency and help our organizations make better strategic 
decisions, GSA is currently establishing a common cloud-based technology platform, 
known as data-to-decisions (D2D), to migrate and manage all key enterprise data 
assets. The migration of the critical datasets and the development of rich data analytics 
capabilities will empower GSA's senior leadership team to make better informed 
strategic decisions and enable line managers to align on the same data inputs as the 
leadership team. 

As for the FDCCl effort, GSA plans to close an additional 28 data centers, resulting in 
approximately $2.5 million in cost savings and cost avoidance over the next two fiscal 
years. GSA also plans to continue migrating systems and applications to the Cloud. 
GSA is looking for ways to leverage the Integrated Award Environment (lAE) Common 
Services Platform to build an enterprise-wide, DevOps-enabling cloud capability that will 
allow rapid, agile delivery to internal and external customers. Finally, GSA will use cloud 


^ P.L,1 13-291 sec. 837 
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service providers to launch modernized acquisition applications, such updates to 
FBO.gov, CFDA.gov, and FPDS.gov. 


CONCLUSION 

While GSA has made significant progress in implementing the key components of 
FITARA, there is still more work ahead. Through consolidation and by driving efficiency 
into the GSA computing enterprise, GSA has increased the usability of our systems; 
eliminated duplicative processes, systems, and applications; and standardized our 
processes using industry best practices and solutions. 

I look forward to continuing to work with GSA senior agency officials, 0MB, federal 
agency CIOs, and the members of this Committee to ensure that GSA is effectively 
implementing FITARA to reduce costs and increase the value of our IT acquisitions. I 
thank the Subcommittees for the opportunity to testify today and look forward to 
answering your questions. 
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Mr. Meadows. Thank you so much. 

Mr. Powner, good to have you back with us. You are recognized 
for 5 minutes. 


STATEMENT OF DAVID A. POWNER 

Mr. Powner. Chairmen Meadows, Hurd, Ranking Members Con- 
nolly and Kelly, I would like to first thank you for your leadership 
on the implementation of FITARA with your first set of grades. 
Your initial focus on improving transparency of the projects on the 
Dashboard, delivering in smaller increments, and holding agencies 
accountable for savings on data center closings and duplicative 
spending will greatly help agencies with their implementation ef- 
forts. 

I’d like to briefly comment on each of the four areas on your 
scorecard, starting with incremental development. 

FITARA requires that CIOs certify that IT investments deliver 
in increments consistent with 0MB policy, which requires that 
major investments deliver in 6 months. Agencies such as VA, GSA, 
and EPA do a good job in this area. Agencies self-report that, over- 
all, 58 percent of the projects in development are planning to de- 
liver in 6 months. Our ongoing work for this committee shows that 
this number greatly overstates the extent to which agencies are de- 
livering incrementally. Therefore, grades in this area for some 
agencies are too high and may need a downward adjustment in the 
future. 

Next, Dashboard transparency. FITARA codified the IT Dash- 
board and CIO risk ratings for the approximately 750 major invest- 
ments across the departments. These ratings simply say whether 
each investment is low-, medium-, or high-risk. The Dashboard 
tells us that about 160 investments, totaling about $10.5 billion, is 
moderate- or high-risk and that 76 percent of the IT dollars the 
government invests in is low-risk. 

These totals are nowhere near reality, given the troubled IT ac- 
quisitions and the old, antiquated legacy systems the government 
has. CIOs need to be more transparent and accurate in this area, 
and our ongoing work will show that many of these CIO ratings 
are not acknowledging risk appropriately. Agency CIO ratings that 
do acknowledge a fair amount of risk include Commerce and EPA. 

Next, PortfolioStat. FITARA requires that agencies review their 
IT portfolios and address waste and duplication. When 0MB first 
started this effort, there were over 200 initiatives, totaling nearly 
$6 billion in planned savings. However, our latest report showed 
that the baseline is much lower and there has been inconsistent re- 
porting to GAO, 0MB, and the Congress. Some agencies, like SSA 
and Treasury, have reported significant savings. 

We have over 60 recommendations to 0MB and agencies in this 
area, and FITARA and your grades will help refocus needed atten- 
tion here. 

Next, data center consolidation. This is the big dollar-savings 
area. FITARA requires annual, publicly reported updates on sav- 
ings. Our ongoing review for this committee highlights the impor- 
tance of this section of the law. 

Twenty-one-hundred more data centers are now being reported to 
us, for a total of 11,700 centers. 
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Representative Connolly, you missed one update in the baseline. 
We were at about 9,600, and now we’re at 11,700. 

Over 3,300 have been closed to date, and the government plans 
to close an additional 2,000 centers. Over $2.5 billion have been 
saved, and there is another $5.5 billion on the table. So, in total, 
the government plans to close 5,000 centers and save about $8 bil- 
lion. 

Mr. Chairman, this $8 billion total should actually be much high- 
er since some agencies have lowballed their targets and not all 
agencies have new cost estimates in. The top five agencies in data 
center savings are Treasury, DOD, DHS, Transportation, and Com- 
merce. 

I’d like to comment on the data sources used to grade agencies. 
It’s not perfect, as we’ve discussed, but it’s the best data available, 
agencies own it, and they need to get it right. The data primarily 
comes from the IT Dashboard and the quarterly savings report sub- 
mitted to the appropriation committees. We believe your grades 
and oversight will greatly improve the accuracy of the data and at- 
tention to these areas and ultimately more progress. In addition, 
our reviews will highlight where agencies’ self-reporting is inac- 
curate. 

A critical and additional area where oversight is needed with 
your scorecard in the future, as we have discussed, is CIO authori- 
ties. We would recommend a close review of the FITARA imple- 
mentation plans when approved and whether CIOs are exercising 
their enhanced authorities. Until these authorities are strength- 
ened significantly, agencies will struggle to comprehensively imple- 
ment FITARA. 

I would like to thank Tony Scott for his leadership, specifically 
on enhancing the transparency by making the FITARA implemen- 
tation plans publicly available, his recent strategic sourcing en- 
hancements associated with desktop purchases, and calling for 
more focus and attention on GAO’s IT recommendations. 

Chairman Meadows, Ranking Members Connolly and Kelly, 
thank you again for your leadership. We look forward to working 
with you further on your scorecard and oversight. 

[Prepared statement of Mr. Powner follows:] 
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Highli g hts 

Highlights of GAO-16-204T. a testimony 
before the Subcommittees on Government 
Operations and information Technology, 
Committee on Oversight and Government 
Reform, House of Representatives 


Why GAO Did This Study 

The federal government invests more 
than $80 billion annually in IT, 
However, these investments frequently 
fail, incur cost overruns and schedule 
slippages, or contribute little to 
mission-related outcomes. As GAO 
has previously reported, this 
underperformance of federal IT 
projects can be traced to a lack of 
disciplined and effective management 
and inadequate executive-level 
oversight. Accordingly, in December 

2014, IT reform legislation was 
enacted, aimed at improving agencies' 
acquisition of IT. Further, earlier this 
year GAO added improving the 
management of IT acquisitions and 
operations to its high-risk list— -a list of 
agencies and program areas that are 
high risk due to their vulnerabilities to 
fraud, waste, abuse, and 
mismanagement, or are most in need 
of transformation. 

This statement provides information on 
FITARA and GAO’s designation of IT 
acquisitions and operations as a high- 
risk area. In preparing this statement, 
GAO relied on its previously published 
work in these areas. 

What GAO Recommends 

Over the last 6 years, GAO made 
about 800 recommendations to 0MB 
and agencies to improve acquisition 
and operations of IT. As of October 

2015, about 32 percent of these had 
been implemented. It will be critical for 
agencies to implement the remaining 
GAO recommendations and the 
requirements of FITARA to achieve 
improvements. 


ViewGAO-16-204T. For more information, 
contact David A. Povmer at (202) 512-9286 or 
pownerd@gao.gov, Carol Cha at (202) 512- 
4456 or chac@gao.gov, or Valerie Melvin at 
(202) 512-6304 or melvinv@gao,gov. 


INFORMATION TECHNOLOGY 

Implementation of Reform Legislation Needed to 
Improve Acquisitions and Operations 


What GAO Found 

The law commonly referred to as the Federal information Technology Acquisition 
Reform Act (FITARA) was enacted in December 2014 and aims to improve 
federal infoimatfon technology (IT) acquisition and operations. The law includes 
specific requirements related to seven areas. For example, it addresses 

• Agency Chief Information Officer (CIO) authority enhancements. Among 
other things, agency CIOs are required to approve the IT budget requests of 
their respective agencies and certify that IT investments are adequately 
Impl^enting the Office of Management and Budget’s (0MB) incremental 
development guidance. 

• Enhanced transparency and improved risk management. 0MB and 
agencies are to make publicly available detailed information on federal IT 
investments, and agency CIOs are to categorize IT investments by risk. 
Additionally, if major IT Investments are rated as high risk for 4 consecutive 
quarters, the agencies are to conduct a review of the investment. 

• Portfolio review. Agencies are to annually review IT investment portfolios in 
order to, among other things, increase efficiency and effectiveness, and 
identify potential waste and duplication. 0MB is required to develop 
standardized performance metrics, to include cost savings, and to submit 
quarterly reports to Congress on cost savings. 

• Federal data center consolidation initiative. Agencies are required to 
provide 0MB with a data center inventory, a strategy for consolidating and 
optimizing the data centers (to include planned cost savings), and quarterly 
updates on progress made. 0MB is required to develop a goal of how much 
is to be saved through this initiative, and report on progress annually, 

• Maximizing the benefit of the federal strategic sourcing initiative. 
Federal agencies are required to compare their purchases of services and 
supplies to what is offered under the Federal Strategic Sourcing initiative. 

0MB has released guidance for agencies to implement provisions of FITARA, 
which includes actions agencies are to take regarding responsibilities for CIOs. 
The guidance also reiterates OMB’s existing guidance on IT portfolio 
management, a key transparency website, and the federal data center 
consolidation initiative; and expands its existing guidance on reviews of at-risk 
investments. Agencies were to conduct a self-assessment and submit a plan to 
0MB by August 201 5 describing the changes they will make to ensure that 
responsibilities are implemented. Further, portions of these plans are required to 
be made publicly available 30 days after OMB's approval; as of October 30, 

201 5. none of the 24 Chief Financial Officers Act agencies had done so. 

Further. FiTARA’s provisions are similar to areas covered by GAO's high risk 
area to Improve the management of IT acquisitions and operations. For example, 
GAO has noted that improvements are needed in federal efforts to enhance 
transparency, consolidate data centers, and streamline agencies' IT investment 
portfolios. To demonstrate progress in addressing this high-risk area, agencies 
will need to Implement the legislation’s provisions and GAO’s outstanding 
recommendations. 
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Chairmen Meadov»« and Hurd, Ranking Members Connoiiy and Keiiy, 
and Members of the Subcommittees; 

I am pleased to be here today to discuss the recently enacted federal 
information technology (IT) acquisition reform legislation (commonly 
referred to as the Federal Information Technology Acquisition Reform Act 
or FITARA)^ and our recent designation of IT acquisitions and operations 
as a government-wide high-risk area.^ As you know, the effective and 
efficient acquisition and management of IT Investments has been a long- 
standing challenge in the federal government. In particular, the federal 
government has spent billions of dollars on failed and poorly performing 
IT investments, which often suffered from ineffective management, 
moreover spending on IT operations has been inefficient. Over the last 6 
fiscal years, we have made about 800 recommendations to address 
weaknesses in agencies’ IT acquisitions and operations. 

My statement today will discuss FITARA requirements and our 
designation of IT acquisitions and operations as a high-risk area. We 
based this work upon prior reports and updates from agencies regarding 
our recommendations. A more detailed discussion of the objectives, 
scope, and methodology of this work is included in each of the reports 
that are cited throughout this statement.’ We conducted the work on 
which this statement is based in accordance with generally accepted 
government auditing standards. Those standards require that we plan 
and perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 


’Federal Information Technology Reform provisions of the Carl Levin and Howard P. 
'Buck’ McKeon National Defense Authorization Act for Fiscal Year 201 5, Pub. L. No. 1 1 3- 
291. div. A. title VIM. subtitle D. 128 Stat. 3292, 3438-3450 (Dec. 19, 2014), 

’^GAO, High-Risk Series: An Update, GAO-15-290 (Washington, D.C.; Feb. 11, 2015). 
GAO maintains a high-risk program to focus attention on government operations that it 
identifies as high risk due to their greater vulnerabilities to fraud, waste, abuse, and 
mismanagement or the need for transformation to address economy, efficiency, or 
effectiveness challenges. 

’See the related GAO products page at the end of this statement for a list of the reports 
on which this testimony is based. 
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Background 

The federal government Invests more than $80 billion annually in IT, but 
many of these investments fail to meet cost and schedule expectations or 
make significant contributions to mission-related outcomes. We have 
previously testified that the federal government has spent billions of 
dollars on failed IT investments,'^ such as 

• the Department of Defense’s (DOD) Expeditionary Combat Support 
System, w^ich was canceled in December 2012, after spending more 
than a billion dollars and failing to deploy within 5 years of initially 
obligating funds; 

• the Department of Homeland Security's Secure Border Initiative 
Network program, which was ended in January 201 1 . after the 
department obligated more than $1 billion to the program, because it 
did not meet cost-effectiveness and viability standards; 

• the Department of Veterans Affairs' (VA) Financial and Logistics 
Integrated Technology Enterprise program, which was intended to be 
delivered by 2014 at a total estimated cost of $609 million, but was 
terminated in October 201 1 due to challenges in managing the 
program; 

• the Farm Service Agency’s Modernize and Innovate the Delivery of 
Agricultural Systems program, which was to replace aging hardware 
and software applications that process benefits to farmers, was halted 
after investing about 10 years and at least $423 million, while only 
delivering about 20 percent of the functionality that was originally 
planned. 

• the Office of Personnel Management’s Retirement Systems 
Modernization program, which was canceled in February 201 1 , after 
spending approximately $231 million on the agency’s third attempt to 
automate the processing of federal employee retirement claims; 

• the National Oceanic and Atmospheric Administration, DOD, and the 
National Aeronautics and Space Administration's National Polar- 
orbiting Operational Environmental Satellite System, which was a trl- 
agency weather satellite program that the White House Office of 
Science and Technology stopped in February 2010 after the program 
spent 16 years and almost $5 billion; and 


'*GAO. Information Technology: Additional Actions and Oversight Urgently Needed to 
Reduce Waste and Improve Performance in Acquisitions and Operations, GAO-1 5-675T 
(Washington. D.C.; June 10, 2015). 
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• the VA Scheduling Replacement Project, which was terminated in 
September 2009 after spending an estimated $127 million over 9 
years. 

These and other failed IT projects often suffered from a lack of disciplined 
and effective management, such as project planning, requirements 
definition, and program oversight and governance. In many instances, 
agencies had not consistently applied best practices that are critical to 
successfully acquiring IT investments. 

Federal IT projects have also failed due to a lack of oversight and 
governance. Executive-level governance and oversight across the 
government has often been ineffective, specifically from chief information 
officers (CIO). For example, we have reported that not all CIOs had the 
authority to review and approve the entire agency IT portfolio and that 
CIOs’ authority was limited.® 


Recent Legislation Can Improve Agencies’ Management of IT 

Recognizing the severity of issues related to government-wide 
management of IT, in December 2014, Congress enacted IT reform 
legislation, FITARA.® The law holds promise for improving agencies’ 
acquisition of IT and enabling Congress to monitor agencies’ progress 
and hold them accountable for reducing duplication and achieving cost 
savings. FITARA includes specific requirements related to seven areas. 

• Agency CIO authority enhancements.^ Agency CIOs are required 
to (1) approve the IT budget requests of their respective agencies, (2) 
certify that IT investments are adequately implementing OMB’s 
incremental development guidance, (3) review and approve contracts 
for IT, and (4) approve the appointment of other agency employees 
with the title of CIO. 

• Enhanced transparency and improved risk management. OMB 
and agencies are to make publicly available detailed information on 
federal IT investments, and agency CIOs are to categorize their IT 


®GAO. Federal Chief In^rmation Officers: Opportunities Exist to Improve Role in 
Information Technology Management, GAO-11-634 (Washington, D.C,; Sept, 15, 2011). 

®Pub, L No. 113-291, div. A. title VIII. subtitle D § 831(a) (Dec, 19, 2014). 

^The prowsions apply to the agencies covered by the Chief Financial Officers Act of 1 990 
31 U.S.C- § 901(b), except that the Department of Defense is exempted from this and 
other activities. 
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investments by risk. Additionaliy, in the case of major IT investments 
that rated as high risk for 4 consecutive quarters, the law requires that 
the agency CIO and the investment’s program manager conduct a 
review aimed at identifying and addressing the causes of the risk. 

• Portfolio review. Agencies are to annually review IT investment 
portfolios in order to. among other things, increase efficiency and 
effectiveness, and identify potential waste and duplication. In 
developing the associated process, the law requires OMB to develop 
standardized performance metrics, to include cost savings, and to 
submit quarterly reports to Congress on cost savings. 

• Federal data center consolidation initiative (FDCCI). Agencies are 
required to provide OMB with a data center inventory, a strategy for 
consolidating and optimizing the data centers (to include planned cost 
savings), and quarterly updates on progress made. The law also 
requires OMB to develop a goal of how much is to be saved through 
this initiative, and provide annual reports on cost savings achieved. 

• Expansion of training and use of IT cadres. Agencies are to update 
their acquisition human capital plans to address supporting the timely 
and effective acquisition of IT. In doing so, the law calls for agencies 
to consider, among other things, establishing IT acquisition cadres or 
developing agreements with other agencies that have such cadres. 

• Maximizing the benefit of the federal strategic sourcing initiative. 
Federal agencies are required to compare their purchases of services 
and supplies to what is offered under the Federal Strategic Sourcing 
initiative. OMB is also required to issue related regulations. 

• Government-wide software purchasing program. The Genera! 
Sen/ices Administration is to develop a strategic sourcing initiative to 
enhance government-wide acquisition and management of software, 
in doing so. the law requires that, to the maximum extent practicable, 
the General Services Administration should allow for the purchase of 
a software license agreement that Is available for use by all Executive 
Branch agencies as a single user. 

In addition, in June 2015, the Office of Management and Budget (OMB) 

released guidance describing how agencies are to implement the law.® 

OMB’s guidance states that it is intended to, among other things; 

• assist agencies in aligning their IT resources to statutory 
requirements; 


®OMB, Management and Oversight of Information Technology. Memorandum M-15-14 
(Washington, D C.; June 10, 2015). 
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• establish government-wide IT management controls that will meet the 
law’s requirements, while providing agencies with flexibility to adapt to 
unique agency processes and requirements; 

• clarify the CIO’s role and strengthen the relationship between agency 
CIOs and bureau CIOs; and 

• strengthen CIO accountability for IT cost, schedule, performance, and 
security. 

In this regard, the guidance reiterates OMB’s existing guidance on 
PortfolioStat. the IT Dashboard, and the federal data center consolidation 
initiative, and expands its existing guidance on TechStat sessions. 

The guidance includes several actions agencies are to take to establish a 
basic set of roles and responsibilities (referred to as the “common 
baseline”) for CIOs and other senior agency officials that are needed to 
implement the authorities described in the law. For example, agencies 
were required to conduct a self-assessment and submit a plan describing 
the changes they will make to ensure that common baseline 
responsibilities are implemented. Agencies were to submit their plans to 
OMB’s Office of E-Government and Information Technology by August 
15, 2015, and make portions of the plans publicly available on agency 
websites no later than 30 days after 0MB approval. As of October 30, 
2015, none of the 24 Chief Financial Officers Act agencies have made 
their plans publicly available. 

The guidance also noted that 0MB will help support agency 
implementation of the common baseline by. for example, requiring the 
Federal CIO Council® to. on quarterly basis, discuss topics related to the 
implementation of the common baseline and to assist agencies by 
sharing examples of agency governance processes and IT policies. 
Further, by June 30. 2015, the President’s Management Council® was to 
select three members from the council to provide an update on 
government-wide implementation of FITARA on a quarterly basis through 
September 2016. However, as of October 28, 2015, 0MB officials stated 
that the President’s Management Council had not yet selected members 
to provide these updates. 


®The Federal CIO Council is the principal interagency forum to improve agency practices 
on such matters as the design, modernization, use, sharing, and performance of agency 
information resources. 

''®The President’s Manag^ent Council is chartered to ensure that management reforms 
are implemented acjoss the executive branch. It is composed of a senior official 
responsible for organizational management from each cabinet-ievel department and 
selected agencies. 
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in addition, OMB recently issued a memorandum regarding commodity il 
acquisitions and noted that agencies buy and manage their IT In a 
fragmented and Inefficient manner which conflicts with the goals of 
FITARA. Among other things, the memorandum directed agencies to 
standardize laptop and desktop configurations for common requirements 
and reduce the number of contracts for laptops and desktops by 
consolidating purchasing. The memorandum notes that OMB intends for 
agencies to Implement standard configurations over time by using 
approved contracts, with a government-wide goal of 75 percent of 
agencies using approved contracts by fiscal year 2018. The 
memorandum requires agencies to develop transition plans to achieve 
this goal and submit them to OMB by February 28, 2016. 


IT Acquisitions and Operations Recently Added as a GAO High- 
Risk Area 


Our government-wide high-risk area Improving the Management of IT 
Acquisitions and Operations highlights critical IT initiatives, four of which 
align with provisions in FITARA: (1) an emphasis on incremental 
development, (2) a key transparency initiative, (3) efforts to consolidate 
data centers, and (4) efforts to streamline agencies’ portfolios of IT 
investments. Our high-risk report notes that implementation of these 
initiatives had been inconsistent, and more work remained to demonstrate 
progress in achieving IT acquisition outcomes. Implementing the 
provisions from the law, along with our outstanding recommendations, will 
be necessary for agencies to demonstrate progress in addressing this 
high-risk area. 

Incremental Development 

OMB has emphasized the need to deliver investments in smaller parts, or 
Increments, in order to reduce investment risk, deliver capabilities more 
quickly, and facilitate the adoption of emerging technologies. In 2010, It 
called for agencies’ major investments to deliver functionality every 1 2 
months and, since 2012, every 6 months. However, we recently reported 
that less than half of selected investments at five major agencies planned 


Category Management Policy 15-1: Improving the Acquisition and Management of 
Common Information Technobgy: Laptops and Desktops, M-16-02 (Washington, D.C,: 

Oct. 16. 2015). 
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to deliver capabilities in 12-month cycles. Accordingly, we 
recommended that OMB develop and issue clearer guidance on 
incremental development and that selected agencies update and 
implement their associated policies. Most agencies agreed with our 
recommendations or had no comment. 

Reviews of Troubled Projects 

in January 2010, the Federal CIO began leading TechStat sessions— 
face-to-face meetings to terminate or turn around IT investments that are 
failing or are not producing results. These meetings involve OMB and 
agency leadership and are intended to increase accountability and 
improve performance. OMB reported that federal agencies achieved over 
$3 billion in cost savings or avoidances as a result of these sessions in 
2010. Subsequently, OMB empowered agency CIOs to hold their own 
TechStat sessions within their respective agencies. 

We have since reported that OMB and selected agencies held multiple 
TechStats, but additional OMB oversight was needed to ensure that these 
meetings were having the appropriate impact on underperforming 
projects and that resulting cost savings were valid. We concluded that 
until OMB and agencies develop plans to address these investments, the 
investments would likely remain at risk. Among other things, we 
recommended that OMB require agencies to address high-risk 
investments. OMB generally agreed with this recommendation. 

However, as of October 28, 2015, OMB has only conducted one TechStat 
review in the last 2 years. In particular, between March 2013 and October 
2015, OMB held one TechStat on the Department of State’s legacy 
consular systems investment in July 2015. Moreover, OMB has not listed 
any savings from TechStats in any of its required quarterly reporting to 
Congress since June 2012. 

Key Transparency Initiative 

To help the government achieve transparency while managing legacy 
investments, in June 2009, OMB established a public website (referred to 
as the IT Dashboard) that provides detailed information on major IT 
investments at 27 federal agencies, including ratings of their performance 


''^GAO. Information Technology: Agencies Need to Establish and Implement Incremental 
Development Policies, GAO-14-361 (Washington, D.C,: May 1, 2014). 

^^GAO. Information Technology: Additional Executive Review Sessions Needed to 
Address Troubled Projects, GAO-13-524 (Washington, D.C.: June 1 3, 2013). 
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against cost and schedule targets.^** Among other things, agencies are to 
submit ratings from their CIOs, which, according to OMB’s instructions, 
should reflect the level of risk facing an investment relative to that 
investment’s ability to accomplish its goals. 


As of August 2015, according to the IT Dashboard, 163 of the federal 
government’s 738 major IT investments — totaling $9.8 billion — ^were in 
need of management attention (rated “yellow” to indicate the need for 
attention or “red” to indicate significant concerns). (See fig. 1 .) 


Figure 1: Overall Performance Ratings of Major Investments on the if Dashboard, 
as of August 2015 



$7.6 billion 

129 investments 

$2.2 billion 
34 Investments 


$31.8 bllMon 

575 investments 


Significant attention 


Source: OViet of Management and Budget's fT Dathboard. | GAO>16>204T 


Over the past several years, we have made over 20 recommendations to 
help improve the accuracy and reliability of the information on the iT 


’'’GAO, IT Dashbosrd: Agencies Are Managing Investment Risk, but Related Ratings 
Need to Be More Accurate and Available. GAO-14-64 (Washington, D.C.: Dec. 12, 2013). 
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Dashboard and to increase its availability.’® Most agencies agreed with 
our recommendations or had no comment. 

Reviews of Operational Systems 

In addition to spending money on new IT development, agencies also 
plan to spend a significant amount of their fiscal year 2016 IT budgets on 
the operations and maintenance (O&M) of legacy (i.e., steady-state) 
systems. From fiscal year 2010 to fiscal year 2016, this amount has 
increased, while the amount invested in developing new systems has 
decreased by about $7.1 billion. (See figure 2.) This raises concerns 
about agencies' ability to replace systems that are no longer cost- 
effective or that fail to meet user needs. 


’®GAO*14-64; GAO, Information Technology Dashboard: Opportunities Exist to Improve 
Transparency and Oversight of Investment Risk at Select Agencies, GAO-13-98 
(Washington, D.C.; Oct. 16. 2012); IT Dashboard: Accuracy Has Improved, and Additional 
Efforts Are Under Way to Better Inform Decision Making, GAO-12-210 (Washington, D.C.: 
Nov. 7, 2011); Information Technology: 0MB Has Made Improvements to Its Dashboard, 
but Further Work Is Needed by Agencies and 0MB to Ensure Data Accuracy. GAO-1 1 - 
262 (Washington, D.C.; Mar. 15, 2011); and Information Technology: OMB's Dashboard 
Has Increased Transparency and Oversight, but Improvements Needed, GAO-1 0-701 
(Washington, D.C.: Ji^y 16, 2010). 
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Figure 2: Summary of IT Spending by Fiscal Year from 2010 through 2016 (Dollars in Billions) 

Tota! Intorniation technoSogy spending (in billions) 
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Of the more than $79 billion budgeted for federal IT in fiscal year 2016,’® 
26 federal agencies" plan to spend about $60 billion, more than three- 


’®This $79 billion represents what agencies reported to 0MB on how much they plan to 
spend on IT and how these funds are to be allocated. This figure does not include 
spending for DOD classified IT systems, details of which are not included on the IT 
Dashboard. Moreover, this $79 billion figure is understated. Specifically, it does not 
include IT investments by 58 independent executive branch agencies, including the 
Central Inleiiigence Agency, or by the legislative or judicial branches. Additionally, not all 
executive branch IT investments are included in this estimate because agencies have 
differed on what they considered an IT investment. For example, some have considered 
reseaioh and development systems as IT investments, while others have not. 

^^The 26 agencies are the Departments of Agriculture, Commerce. Defense, Education, 
Energy. Health and Human Services, Homeland Security, Housing and Urban 
Development, the Interior, Justice. Labor, State, Transportation, the Treasury, and 
Veterans Affairs; U.S. Army Corps of Engineers. Environmental Protection Agency; 
General Services ^ministration; National Aeronautics and Space Administration; National 
Archives and Records Administration; National Science Foundation; Nuclear Regulatory 
Commission; Office of Personnel Management; Small Business Administration; Social 
Security /Viministration; and U.S. Agency for International Development- 
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quarters of the total budgeted, on the O&M of legacy investments. Figure 
3 provides a visual summary of the relative cost of major and nonmajor 
investments, both in development and O&M. 


Figure 3: Summary of Planned Fiscal Year 2016 Wajor and Nonmajor Investments In Development and Operations and 
Maintenance (Dollars in Billions) 
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Given the size and magnitude of these investments, It is important that 
agencies effectively manage the O&M of existing investments to ensure 
that they (1) continue to meet agency needs, (2) deliver value, and (3) do 
not unnecessarily duplicate or overlap with other investments. To 
accomplish this, agencies are required by 0MB to perform annual 
operational analyses of these investments, which are intended to serve 
as periodic examination of an investment's performance against, among 
other things, established cost, schedule, and performance goals. 

However, we have reported that agencies were not consistently 
performing such analyses and that billions of dollars in O&M investments 
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had not undergone needed analyses.^® Specificaiiy, as detailed in our 
November 2013 report, only 1 of the government’s 10 largest O&M 
investments underwent an OMB-required operational analysis. We 
recommended that operational analyses be completed on the remaining 9 
investments. Most agencies generally agreed with our recommendations. 

Consolidating Data Centers 

To Improve the efficiency, performance, and environmental footprint of 
federal data center activities, 0MB, established the federal data center 
consolidation initiative in February 2010. In a series of reports, we found 
that, while data center consolidation could potentially save the federal 
government billions of dollars, weaknesses existed in the execution and 
oversight of the initiative. 

Most recently, we reported that, as of May 2014, agencies collectively 
reported that they had a total of 9,658 data centers;^^ as of May 2015, 
they had closed 1,684 data centers and were planning to close an 
additional 2,431 — for a total of 4, 11 5 — by the end of September 2015.^° 
We also noted that between fiscal years 2011 and 2017, agencies 
reported planning a total of about $5.3 billion in cost savings and 
avoidances due to the consolidation of federal data centers. In 
correspondence subsequent to the publication of our report, DOD’s Office 
of the CIO identified an additional $2.1 billion in savings to be realized 
beyond fiscal year 2017, which increased the total savings across the 
federal government to about $7.4 billion. Further, since our May 2014 
report we received additional information from other agencies about their 
actual 2014 cost savings and revised plans for future savings. This 
information is shown in table 2, which provides a summary of agencies' 
total data center cost savings and cost avoidances between fiscal years 
2011 and 2017, as well as DOD cost savings and cost avoidances to be 
realized beyond 2017. 


'’®GAO. Information Technology: Agencies Need to Strengthen Oversight of Multibillion 
Dollar Investments in Operations and Maintenance, GAO-14-66 (Washington, D.C.; Nov. 
6, 2013), and Information Technology: Agencies Need to Strengthen Oversight of Billions 
of Dollars in Operations and Maintenance Investments. GAO-13-87 (Washington, D.C.; 
Oct.16. 2012). 

^^GAO. Data Center Consolidation: Reporting Can Be Improved to Reflect Substantial 
Planned Savings, GAO-14-713 (Washington, D C.; Sept. 25, 2014). 

^°We have ongoing wofk to determine the total data center closures completed through 
fiscal year 2015. 
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Table 2: Agencies’ Data Center Consolidation Cost Savings and Avoidances 
(Dollars in MilNons) 

Estimated and actual 

Planned 


Fiscal year 2011 2012 2013 2014 

2015 2016 2017 

Beyond 

2017 Total 

Total 

$193 S266 $666 $853 

$1,250 $917 $1,144 

$2,100 $7,389 

avoidances 



$1,978 total 

$5,411 total 



Source: GAO ar^as of agency Oala. j GM>16-204T 
Note: Totals may not add due to rounding. 


However, in our September 2014 report, we noted that planned savings 
may be understated because of difficulties agencies encountered when 
calculating savings and communicating their estimates to 0MB. We made 
recommendations to ensure the initiative improves efficiency and 
achieves cost savings. Most agencies agreed with our recommendations 
or did not comment. 

Portfolio Management 

To better manage existing IT systems. 0MB launched the PortfolioStat 
initiative, which requires agencies to conduct an annual, agency-wide (T 
portfolio review to, among other things, reduce commodity IT^^ spending 
and demonstrate how their IT investments align with the agency’s mission 
and business functions. In November 2013, we reported that agencies 
continued to identify duplicative spending as part of PortfolioStat and that 
this initiative had the potential to save at least $5,8 billion through fiscal 
year 2015; however, weaknesses existed in agencies’ implementation of 
the initiative, such as limitations in the CIOs’ authority. We made more 
than 60 recommendations to improve OMB’s and agencies’ 
implementation of PortfolioStat. 0MB partially agreed with our 
recommendations, and responses from 21 of the agencies varied, with 
some agreeing and others not. 


^’According to 0MB, commodity IT includes services such as IT infrastructure (data 
centers, networks, desktop computers and mobile devices); enterprise IT systems (e-mail, 
collaboration tools, identity and access management, security, and web Infrastructure); 
and business systems (finance, human resources, and other administrative functions). 

^^GAO, Information Technology: Additional 0MB and Agency Actions Are Needed to 
Achieve Portfolio Savings, GAO-14-65 (Washington, D.C.; Nov. 6, 2013). 
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In April 2015, we reported that agencies decreased their planned 
PortfolioStat savings to approximately $2 billion — a 68 percent reduction 
from the amount they reported to us in 2013.^^ Additionally, although 
agencies also reported having achieved approximately $1.1 billion in 
savings, inconsistencies In OMB’s and agencies’ reporting made it difficult 
to reliably measure progress in achieving savings. Among other things, 
we made recommendations to 0MB aimed at improving the reporting of 
achieved savings, with which it agreed. 

We have also recently reported on two additional key areas of agency’s 
IT spending portfolio: software licensing and mobile devices. 

• Regarding software licensing, we recently reported that better 
management was needed to achieve significant savings government- 
wide.^^ In particular, 22 of the 24 major agencies we reviewed did not 
have comprehensive license policies, and only 2 had comprehensive 
license inventories. We recommended that 0MB issue needed 
guidance to agencies and made more than 130 recommendations to 
the agencies to improve their policies and practices for managing 
software licenses. 0MB disagreed with the need for guidance. 
However, we believe that without such guidance, agencies will likely 
continue to lack the visibility into what needs to be managed. Most 
agencies generally agreed with the recommendations or had no 
comments. 

• We have also reported^® that most of the 1 5 agencies in our mobile 
devices review did not have an inventory of mobile devices and 
associated services, and only 1 of the 15 agencies we reviewed had 
documented procedures for monitoring spending. Accordingly, we 
recommended that the agencies take actions to improve their 
Inventories and control processes and that 0MB measure and report 
progress in achieving cost savings. 0MB and 14 of the agencies 
generally agreed with the recommendations or had no comment, The 
Department of Defense partially agreed, and we maintained that 
actions were needed. 


^^GAO, Information Technology: Addibonal 0MB and Agency Actions Needed to Ensure 
Portfolio Savings Are Realized and Effectively Tracked, GAO-15-296 (Washington, D.C.: 
Apr. 16. 2015). 

^^GAO. Federal Software Licenses: Better Management Needed to Achieve Significant 
Savings Government-Wide, GAO-14-413 (Washington, D.C.: May 22, 2014), 

^^GAO, Telecommunications: Agencies Need Better Controls to Achieve Significant 
Savings on Mobile Devices and Services, GAO-15-431 (Washington, D.C.: May 21, 2015). 
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Actions Needed to Address High-Risk Area 

in our February 2015 high-risk report, we identified actions that 0MB and 
the agencies need to take to make progress in this area.^® These include 
implementing the recently enacted statutory requirements promoting IT 
acquisition reform, as well as implementing our previous 
recommendations, such as updating the public version of the IT 
Dashboard throughout the year, As noted in that report, we have made 
multiple recommendations to improve agencies’ management of their IT 
acquisitions, many of which have been discussed in this statement, in the 
last 6 years we made approximately 800 recommendations to multiple 
agencies. As of October 201 5, about 32 percent of these 
recommendations had been implemented. 

Also in our high-risk report, we stated that 0MB and agencies will need to 
demonstrate measurable government-wide progress in the following key 
areas: 

• implement at least 80 percent of GAO'S recommendations related to 
the management of IT acquisitions and operations within 4 years. 

• ensure that a minimum of 80 percent of the government's major 
acquisitions deliver functionality every 1 2 months. 

• achieve no less than 80 percent of the planned PortfolioStat savings 
and 80 percent of the planned savings planned for data center 
consolidation. 


In conclusion, with the recent passage of IT reform legislation, the federal 
government has an opportunity to improve the transparency and 
management of IT acquisition and operations, and strengthen the 
authority of CIOs to provide needed direction and oversight. Further, by 
identifying improving the management of IT acquisitions and operations 
as a new government-wide high-risk area we are bringing necessary 
attention to several critical IT Initiatives in need of additional 
congressional oversight. 0MB and federal agencies should expeditiously 
implement the requirements of the legislation and continue to implement 
our previous recommendations. To help ensure that these improvements 
are achieved, continued congressional oversight of OMB’s and agencies' 
implementation efforts is essential. 


^®GAO-15-290. 
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Chairmen Meado\ft« and Hurd, Ranking Members Connoiiy and Keily, 
and Members of the Subcommittees, this completes my prepared 
statement. I would be pleased to respond to any questions that you may 
have at this time. 


GAO Contacts and Staff Acknowledgments 

For additional information about this high-risk area, contact David A. 
Powner at (202) 512-9286 or pownerd@gao.gov, Carol Cha at (202) 512- 
4456 or chac@gao.gov, or Valerie Melvin at (202) 512-6304 or 
melvinv@gao.gov. Individuals who made key contributions to this 
testimony are Kevin Walsh (Assistant Director), Chris Businsky, Rebecca 
Eyier, Kaelin Kuhn, and Jessica Waselkow. 
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Mr. Meadows. Thank you so much. 

The chair will recognize himself for 5 minutes to follow up, I 
guess, on our opening statement. So I want to just thank all five 
of you for your illuminating testimony. 

I guess, for me, part of this would piggyback on what I had high- 
lighted during our opening remarks, and that would be, as we look 
at savings, what incentive is there for you to save and be efficient, 
only to give the money back to someone else or back to the general 
Treasury, where it gets reallocated or reappropriated to somebody 
else? Is there a real incentive for you to do that? 

Mr. McKinney, do you want to weigh in on that? 

Mr. McKinney. I’d be glad to. 

That was music to my ears when you said that, because I abso- 
lutely believe that, you know, not only do I need to drive down cost, 
I need to drive up service delivery and improvement of delivery of 
services. 

And, you know, if we can have an ongoing conversation about 
how we can incentivize people, you know, when they drive down 
their costs, that there’s that reinvestment opportunity and trans- 
parency about that reinvestment opportunity, I think that’s a great 
conversation to have. 

Mr. Meadows. So do you think you could work with GAO and 
0MB as it relates to that? 

Because one of the concerns I have really has to do with the data 
that not only you but Treasury and others have put forth. So let 
me be specific. I mean, when we are talking about savings and re- 
porting those savings to GAO, where we are trying to get a good 
scorecard, I guess. Transportation, you had indicated that, you 
know, there was some $77 million in savings. But yet when Con- 
gress gets a report through 0MB and other sources, the savings 
was only $3 million. 

Mr. McKinney. Yeah. 

Mr. Meadows. Now, I am not saying that the $3 million or the 
$77 million, either one of those, is inaccurate, but there is a fly in 
the ointment somewhere. And so, in doing that, is that because, ob- 
viously, we want to save as much as we can and that you get pe- 
nalized by Congress when you have saved money? 

I am amazed at the amount of fourth-quarter spending that goes 
on around here. I mean, I know it shouldn’t be a shock, but it is 
amazing how many dollars we spend in the fourth quarter, saving 
up for the first three. 

So why would you think that there would be an inconsistency 
there? And I am not trying to put you on the spot. 

Maybe, Mr. Scott, let me come to you and let you answer that 
question. Why would there be an inconsistency with what is re- 
ported in terms of savings through you and then others, to Mr. 
Powner, in terms of those same dollar savings? 

Mr. Scott. I’m not sure I have the complete answer. As we’ve 
discussed about this topic with various organizations, various agen- 
cies, and so on, I think it’s a combination of a couple of things. 

One is, some measures that we use here are cost avoidance as 
well as actual cost savings. So it depends on how you answer the 
question — or how you ask the question, what the answer is. 
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Mr. Meadows. So is that like saying that someone is going to go 
to a sale at a supermarket and, because they decided not to buy 
something that may have been more expensive, that they have 
saved that amount of money? 

Mr. Scott. Or it could be required increases that are absorbed 
by existing technology, those kinds of things. 

Mr. Meadows. All right. So can we get that consistent? Because 
if that is an inconsistency, you know, it is inconsistent in the defi- 
nition of what you are reporting to 0MB and then the same that 
you are reporting to GAO. We are talking about apples and or- 
anges. 

So that is what you are saying, is it is a definitional 

Mr. Scott. It’s one of the things that I think we collectively have 
to work on, that we’re using the same measures when we talk 
about the same thing. And even in the scorecard that I see here, 
I see differences in the way that 0MB is measuring something. 

Mr. Meadows. And there are going to be. In fact, I think we 
have talked to GAO with that. And here is what a lot of the agen- 
cies are going to get: the benefit of the doubt today. As we start 
to refine this and define this, then I would say that the benefit of 
the doubt and the score — I fully expect some of your scores to go 
down as we look at this. And that is not going to be very troubling 
unless it is a trend. And I think that all of us, in a bipartisan way, 
are trying to make sure that it is the trend that we are looking at, 
that we are making progress. 

And so let me finish up, Mr. McKinney, with one of yours. In 
your testimony, you highlighted that 70-percent sweet spot in 
terms of the enterprise systems and so forth. 

Mr. McKinney. Right. 

Mr. Meadows. Do you believe that that is the area that you have 
the most control over in terms of IT expenditures? 

Because data centers seem like — and the definition of “data cen- 
ter” — and we have had hearings in this very room on data centers 
and what they are and what they are not. It seems like that is 
where the big number is in terms of savings? 

Mr. McKinney. Yes, sir. Not only is it the big number, you know, 
in my experience with IT, it’s foundational, you know. Everything 
else that you do in IT you do on top of that foundation. 

And it’s like you got an old house, somebody gives you an old 
house; where do you go? You go into the basement. So I’m headed 
into the basement, trying to figure out what’s the foundation, 
what’s the plumbing, what’s the electrical like, and try to fix that 
first. 

I think the most of the money, the savings, is in that, but I also 
think it’s absolutely essential if we’re going to build great IT on top 
of it. 

Mr. Meadows. Well, here is what I would offer to each one of the 
agencies as we start to work with that. If any of you or all of you 
want to work with us in terms of being more aggressive in terms 
of data center consolidation and those big numbers, I will work in 
a bipartisan way with my colleagues to go to the appropriators and 
say, listen, we need to give them the benefit of the doubt, whether 
that is on the authorizing side or certainly on the appropriating 
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side, and see what we can do. And if you want to reach out to do 
that, that offer stands. 

And so the chair would recognize the gentlewoman from Illinois, 
Ms. Kelly. 

Ms. Kelly. Thank you, Mr. Chairman. 

Mr. Powner, has GAO identified problems with self-reported data 
in the four areas graded in the scorecard? 

Mr. Powner. Yes, we have. 

So, for instance, on incremental development, you know, there 
are some agencies that are reporting a very high percentage of 
projects that they plan to deliver in 6 months. We have some ongo- 
ing work on that. We see those percentages much lower when we 
go in and start looking, you know, underneath the covers on that. 
So that’s an area that I think the grades will go down, with some 
of the data that’s not accurate. 

On the data center front, I think there are some agencies — like. 
Treasury and Transportation, they got F’s, hut we feel better about 
their F’s because they have high goals. Okay? So that 

Mr. Meadows. I bet there are a lot of kids around the country 
that would say that their parents should feel better about their F’s. 

Mr. Powner. Right. But some agencies that have A’s and B’s 
with low goals and they actually have achieved more than their 
goal, we don’t feel so good. So I think those grades are going down; 
their grades are going to be going up. 

So it’s kind of a mix when you look at the different areas. But, 
again, I think the self-reported and your grades and focus will help 
with self-reporting, and hopefully our audits that will be coming 
behind the numbers will also help get the information right. 

Ms. Kelly. Well, have you identified any causes for this, behind 
the issues in self-reported data? Like, what do you think the causes 
are? 

Mr. Powner. Well, I think, on data centers, for instance, the last 
report we did, there were six agencies — and GSA was one of 
them — that we thought had a high number of closures with not 
high dollars and savings. And we asked those agencies to go back 
and look at their dollar savings. 

I think that there are just certain agencies that need to relook 
at it. And they might need a push, both from Congress, with your 
oversight, from 0MB. Hopefully, we can help with some of that. 

I do think, with the codifying the data center consolidation in 
FITARA, estimates now need to go out through 2018. And that’s 
why I think the $8 billion savings on data centers, it’s going to be 
a lot more than that if we really get serious about it. 

Ms. Kelly. Okay. Thank you. 

Mr. Scott, OMB’s FITARA implementation guidance includes a 
data improvement program that provides guidance to agencies on 
how to improve their data reporting related to FITARA require- 
ments. How will 0MB enforce the requirements of the data im- 
provement program? 

Mr. Scott. So, we do, first of all, a bunch of data collection, in- 
cluding quarterly standard data collection. And we have actually 
had a program in place for a while to try to improve the quality 
of that data collection that we do. And as we have gotten experi- 
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ence with that, and also working with GAO, we continue to identify 
opportunities. 

So this is one of the tools that I think, actually, FITARA is going 
to help us with. Because it requires more transparency and visi- 
bility top to bottom in the agency, we now have an opportunity to 
get better data. And I think as any of these gentlemen will testify, 
this has been a great forcing function within the agency to sort of 
flush out of, you know, some of the hiding places where IT dollars 
were. 

So we have both experience in improving the data quality, but 
now I think we have the opportunity, as the result of FITARA, to 
get better data in the first place. 

Ms. Kelly. Okay. 

And what are the consequences if the agency does not make a 
data improvement plan or fails to take steps to execute a plan? 

Mr. Scott. Well, we have a bunch of leverage that we can use. 
We can leverage our colleagues on the budget side of 0MB to help 
make sure the right things are taking place, and, also, on the man- 
agement side, we have the President’s Management Council. We 
have peer pressure, frankly. 

And then there is nothing like public exposure on our Web site 
and oversight by this committee and GAO and inspectors general. 
So I think this is one of those areas where daylight will help all 
us of us make sure we get the data and the information we want. 

Ms. Kelly. I know someone mentioned a push from Congress, 
but is there anything else Congress can do to ensure that agencies 
are reporting timely and reliable data? 

And anybody can answer that. 

Mr. Scott. Well, I think, from my viewpoint, you know, there’s, 
sort of, no bad scorecard. We just have to agree on what the score- 
card is and what we are going to measure in a uniform and con- 
sistent way. So there is no right or wrong here. I think the secret 
is consistency, and then we can drive for data quality in the things 
that we are collecting. 

And so I look forward to working with this group and others to 
make sure we are collecting the same stuff in the right way to then 
drive the right action. 

Ms. Kelly. Any other comments from anyone? 

Nope? 

I yield back the balance of my time. 

Mr. Meadows. All right. 

The chair — did you want to comment on that? Okay. 

The chair recognizes the gentleman from Virginia, Mr. Connolly, 
the chairman of the Subcommittee on Government Operations. 

Mr. Connolly. I thank my friend. 

Gosh. By the way, Mr. Scott, in response to Ms. Kelly, so is 0MB 
or is GAO going to be putting on their Web site these scores? 

Mr. Scott. We hadn’t made a specific plan for this Dashboard. 
Frankly, we just saw it in the last day or two, so we haven’t really 
even had the opportunity to discuss it. 

Mr. Connolly. All right. I would just suggest to you, respect- 
fully, given your answer to Ms. Kelly, it would be perfectly con- 
sistent to do so. If we want sunshine and we want to — and we can 
always do it with the right caveat. 
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All right. Mr. McKinney, thank you for your statement, along 
with your colleagues on your right and left. It was not defensive. 
It was self-reflective. And, hoy, if everybody approaches this oppor- 
tunity that way, the Federal Government is going to he humming, 
at least when it comes to investment management and deployment 
of IT assets. And that gives me great hope. So thank you for your 
statement. 

Mr. McKinney. Thank you, sir. 

Mr. Connolly. Very empowering. 

Mr. Powner, Mr. McKinney indicated in response to Ms. Kelly 
that, when it comes to data center consolidation, that is 
foundational. You know, absent that, we are not going to effectuate 
the kinds of reforms and efficiencies and savings we need. 

I got to admit, you surprised me. I was off by 3,000. It seems like 
every hearing we have we discover another 2,000 or 3,000 data cen- 
ters. 

You have released your report on your work assessing the Fed- 
eral Government’s status on the consolation effort. What are the 
challenges toward significant reduction and consolidation? 

Mr. Powner. Well, I think you need to look at the current goals 
that they have. So, of the 11,700 data centers that are being re- 
ported, agencies are only reporting 275 of those are core. Now, we 
are not going to consolidate 

Mr. Connolly. Could you say that again? I couldn’t hear you. 

Mr. Powner. These are the core data centers, so these are the 
primary data centers that you really want to consolidate into. So 
there still will be these non-core that remain. 

But I think, when you really look at agencies and you look at the 
number of core centers they have, that needs a closer look. And 
this is something we discussed with Mr. Scott and some folks at 
0MB. They’ve got some good guidance that’s coming out on data 
center consolidation, what agencies need to do down the road, and 
that includes getting better estimates up to school-year 2016 
through 2018. 

But I really think a good, hard look needs to occur with those 
core data centers. And is the number, is that the right number? 
And the ones that are non-core, what are we really doing with 
them? How many of those are going to be remaining? 

Mr. Connolly. Assuming we are able to get everybody on board 
with this consolidation, Mr. Scott, what happens to the savings the 
agency might effectuate? I mean, I think Mr. Powner said maybe 
$8 billion, maybe more, actually. 

Because Mr. Meadows and I have focused on this. We don’t want 
to punish someone unwittingly by saying, great, you saved all that 
money, now give it to us, and we are going to, you know, use it 
for some other purpose, rather than reinvesting in the enterprise 
in new IT assets or management throughout. 

What happens to the savings? And what, in your opinion, can we 
do or should do legislatively to help make that an incentive rather 
than a disincentive? 

Mr. Scott. I think, generally speaking, what happens is it’s at 
the discretion of the agency, what to do with the savings. So the 
money may be reprogrammed for other efforts. 
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But I think you’re hitting at one of the core issues, which is, for 
an agency CIO to undertake any kind of major reinvestment to re- 
place an old, antiquated legacy system, which is one of the things 
we want agencies to do, there has to be some source of funds for 
doing that. And that source of funds may have to be more than 
what’s available in 1 year or in the savings that come from other 
savings efforts that go on. 

Our guidance that we just issued for public comment, A-130, 
suggests a new model for decisionmaking around software invest- 
ments, including greater use of shared services, greater use of al- 
ready-existing technology that is modern and that the government 
has rights to, and a series of things like that that should begin to 
also generate additional savings. 

But, fundamentally, we need to have a different kind of funding 
mechanism than is generally available today, in my opinion. 

Mr. Connolly. If I could ask one more question, Mr. Chairman? 
And then I will yield, of course, to Ms. Duckworth. 

But one of the other features of FITARA is a management fea- 
ture, which is to try to evolve into a meaningful hierarchy of deci- 
sionmaking when it comes to the title of CIO. The three of you 
have that title. 

How many other people in your agency have it, Mr. McKinney? 

Mr. McKinney. Well, we have nine operating administrations, 
and each one of them has someone with the title of 

Mr. Connolly. CIO? 

Mr. McKinney. Yes, sir. 

Mr. Connolly. Mr. Shive? 

Mr. Shive. When we started our consolidation, we had 27 CIOs; 
now we have 1. 

Mr. Connolly. Twenty-seven; now we are at one. 

Mr. Bhagowalia? 

Mr. Bhagowalia. I have nine, sir. 

Mr. Connolly. Nine. 

Because, generally, when you ask even very large corporations — 
I do it as a trick question — “By the way, how many CIOs do you 
have?” And they look at me kind of funny and go, “Well, one,” no 
matter how big. You know, we have 250 people over 24 agencies — 
or did, when we wrote the bill. 

We didn’t prescriptively say, “There shall be one,” because we 
didn’t want to create resistance for you and your colleagues in try- 
ing to get your job done. But we were hoping that, over time, we 
kind of evolve to one individual who is infused with responsibility, 
accountability, flexibility to make decisions and to stick by them. 

Mr. Scott, final aspect of this one question: How are we doing in 
evolving that way? It sounds like Mr. McKinney’s organization has 
done a pretty good job of doing it. 

Mr. Scott. I think it’s a little too early to tell across the Federal 
Government how we are doing. 

What we have seen in agencies’ plans, generally, is some reduc- 
tion in the number of CIOs. So there are definitely cases where 
somebody has said, you know, if this is what I’m going to be re- 
sponsible for, I don’t want the title of CIO anymore, and we’ll give 
it to somebody else. 
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And what we are looking for specifically is the overall governance 
framework. So we haven’t specifically focused on CIO title reduc- 
tion, hut what we are looking at is, you know, where the account- 
ability and responsibility flows and how it flows up to the agency 
CIO. 

Mr. Connolly. Thank you for your indulgence, Mr. Chairman. 

Mr. Hurd. [Presiding.] Thank you. 

So now I would like to recognize the gentlewoman from Illinois, 
Ms. Duckworth. 

Ms. Duckworth. Thank you, Mr. Chairman. 

I am actually going to follow up on what my colleague was say- 
ing. Mr. Scott, I sort of want to look at this idea of the enhanced 
CIO authority and how it benefits the IT acquisition process, going 
right back to what you were just talking about, the consolidation. 

And one of the things bureaucracies are known for, sir, is turf 
battles. And having worked inside the VA, where there are some 
significant turf battles there, and watching that and then being 
able to see the IT come together under Roger Baker as a CIO there, 
I gain hope. 

Can you talk a little bit about the enhanced CIO authority and 
how that affects the acquisition process when you have this diverse 
number of alternate CIOs within each of the agencies? 

Mr. Scott. I think there’s a couple of things that have either 
been done or are in progress that will help this. 

So, first of all, we are issuing broad guidance in some of the com- 
modity IT areas, like laptops, desktops, servers, and so on, that I 
mentioned so that there is much stronger, sort of, guidance in 
terms of how that will be done in an agency. And that includes 
transparency of spend and the plans in that space. 

Also, as I mentioned, this A-130 guidance that we have out for 
public guidance is also more prescriptive. And with the CIO au- 
thorities, now there is a tool for the agency CIO to say, here’s the 
law, here’s the guidance, and then measures compliance with those 
things in particular. 

Again, I think probably the biggest trick to all of this is making 
sure that the data is exposed in some way so that the agency CIO 
can understand what’s going on. And, frankly, that’s going to be 
one of the challenges that we deal with over the next couple of 
years, is making sure that the reporting systems that we have cap- 
ture the data at the right level and then that’s available to the 
agency CIO. 

In a big, complex agency, you might have multiple systems that 
gather that data in a non-uniform way, as Richard was talking 
about. And that’s going to have to be dealt with as we go down the 
road here. 

Ms. Duckworth. Mr. McKinney, do you see this as one of your 
major things that you are going to be needing to work on as you 
go into the basement? 

Mr. McKinney. Yeah. You mean the governance issues? Yes, ab- 
solutely. 

I wanted to, if I could, comment on that, you know, about having 
nine CIOs. 

Ms. Duckworth. Yeah. 
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Mr. McKinney. I believe that if we could get the balance be- 
tween what ought to be centralized as a utility for the Department 
and then we then — each of the operating administrations have 
unique business needs. And I need somebody, whether it’s the title 
of CIO or IT engagement manager, whatever it is, somebody whose 
job, sole job, it is to focus on the alignment of the technology to 
that particular business, while the central office, my office, tries to 
manage that underlying utility. 

Now, that’s not to say I wouldn’t be involved in that, but what 
I’m saying is I need eyes into that business unit to understand 
their unique business needs. And whether we call that a CIO or 
IT engagement manager, whatever we want to call it, I think that’s 
the right balance point between the two. 

Ms. Duckworth. Are you confident that the things that come 
out of central office, say, the guidance that come out of central of- 
fice, with or without a concurrence from the folks out in the field, 
are going to be carried out? 

Because one of the things I have seen in bureaucracies at the 
Federal level is that lots of great things come out of central office 
and then they slow-walked. 

Mr. McKinney. Right. I have tried, in the few years I have been 
at DOT, to create a governance model where I, as the CIO, sit 
down with those modal CIOs and that we have a true business 
council, that we have true governance and dialogue between us, 
that we make decisions together. 

So I do not want to be the central office that dictates out to the 
business units and they have no input. That won’t work. What 
works is when the people work together towards a common goal. 

Ms. Duckworth. I would agree. But wouldn’t you agree that, at 
some point, there are going to be some things that are going to be 
unpopular 

Mr. McKinney. Yes. 

Ms. Duckworth. — that you are going to have to say, as the cen- 
tral office, okay, this is the one thing you are going to have to do 
and suck it up? 

Mr. McKinney. Yep. Yep. 

I mean, that’s what happened during the cyber sprint that we 
did. You know, that’s an example of where I put FITARA to use. 
0MB came out with these goals about privileged and unprivileged 
access, and DOT’s numbers were way down, and I called all those 
CIOs together, and I said, “We’ve got 30 days, and we’re going to 
be at 100 percent of privileged, and we’re going to get a high num- 
ber on unprivileged” — and we got to 97 — “and you’ve got 30 days 
to get it done, and they’re not cutting us any slack and I can’t cut 
you any slack.” And, you know, to our credit, 30 days later, we 
were kind of at the top of the list of departments that tackled that 
issue. 

Now, we’ve got a lot more issues ahead of us, but that’s where 
the departmental CIO says, “I’ve taken your input. I’ve listened, 
but here’s what we’ve got to do.” And, you know, a good CIO isn’t 
bashful about making those calls. 

Ms. Duckworth. Thank you. 

I yield back, Mr. Chairman. 

Mr. Hurd. Thank you. 
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I would like to recognize myself for 5 minutes. 

And continuing along that line of questioning, if there are mem- 
bers of you all’s staff that would enjoy coming up here and testi- 
fying and we get to ask them the questions, why they are not going 
forward on things, we will be more than happy to do that. 

My first question, Mr. Shive, GSA got one of the two B’s out of 
the 24 CFO agencies, which were the two highest scores. Now, 
when we break it down and look at the data center consolidation, 
we graded you at a D. But if we did this on a curve, you were one 
of the better performing agencies on data center consolidation. 

Did you need additional moneys in order to do that data center 
consolidation? 

Mr. Shive. No. 

Mr. Hurd. You went from — you know, the reported savings is 
$49 million, the goal, and you have realized $29 million, which is 
60 percent of that end goal. Did you need additional funding in 
order to achieve that? 

Mr. Shive. No. We self-funded those activities. As a part of our 
IT consolidation, we consolidated much more than just data cen- 
ters. We rationalized our applications, we rationalized our infra- 
structure, reorganized how we do business. And those were savings 
generated from that, and those savings were reinvested into data 
center consolidation. 

Mr. Hurd. And you were able to do that, you had the flexibility 
in order to do that. Is it because you have a unique budget author- 
ity as your role versus maybe some of your peers? 

Mr. Shive. So, no, I don’t have a particularly unique budget au- 
thority. I operate largely out of the working capital fund, and that’s 
what funded most of these activities. 

Mr. Hurd. Great. 

Mr. Shive. What enabled that was actually strong leadership at 
the top of GSA that made this a priority and the fact that we got 
an early start on this. 

Mr. Hurd. Thank you. 

And now, Mr. McIGnney, same question to you. The difference is 
you all have only realized 1 percent of the savings, of your goal. 
Why is that? 

Mr. McKinney. Well, the initial estimate that was provided — I 
think it was in 2011-2012 timeframe, prior to my coming to DOT — 
I would have to characterize it as an overly optimistic stretch goal. 
The number that we reported subsequently to GAO, I think, re- 
flects the true savings. 

I will say this. We have 15 core data centers — 3 of them non- 
FAA, 12 of them in FAA. I believe that we can get our three down 
to two, a primary and a backup. FAA puts a data center in each 
one of their regions. The rest of our data centers are really tele- 
communication closets where there is a network router and a 
switch and maybe a file and print server for document caching. So 
our numbers, as far as the actual number of physical locations, is 
down pretty low. 

I think the other side of — ^you know, and I would ask you to con- 
sider around data center consolidation is, when we started this in 
2011, we really didn’t have mature cloud service providers that we 
could move our stuff to. So I think the key, moving forward, is not 
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only do we shrink the number of data centers, is we move assets 
out of those data centers and up into the cloud. And I believe that 
we are going to be able to move 

Mr. Hurd. You are preaching to the choir on this. 

Mr. McKinney. Yeah. So that’s what we are going to do. 

Mr. Hurd. Now, do you have the authorities to do that? 

Mr. McKinney. Yes. 

Mr. Hurd. All right. And when do you plan to do it? 

Mr. McKinney. We’re in the process of doing it right now. We 
just issued a contract 

Mr. Hurd. And when will it be completed? 

Mr. McKinney. How long will it take us to move it up? It’ll take 
a few years. 

Mr. Hurd. A few years. And how much data are we talking 
about? 

Mr. McKinney. Well, let’s see. I could give you an example. 
Probably by February-March timeframe. I’m going to move my en- 
tire messaging service up into the Microsoft 365 cloud. 

Mr. Hurd. So are we talking 

Mr. McKinney. Four hundred gigabytes of — or, 400 terabytes of 
storage. You know, we’re going to make big moves. And we’re going 
to also start moving just storage up there. 

Mr. Hurd. So is the length of time, years, to move data, is it be- 
cause of the volume of data? Is it because of when you plan on im- 
plementing this? That seems like an incredibly long time in order 
to move even that, the petabytes and terabytes of data. 

Mr. McKinney. Well, you know. I’d like to think — I just don’t 
want to — ^yeah, I don’t want to get in the — you know, be guilty of 
making an overly optimistic stretch goal. I think, yes, we can move 
fast. We are moving as fast as our technical teams are able to do 
it, and 

Mr. Hurd. So am I safe to assume that that may be one of these 
projects that are associated with your major investments that are 
not being delivered deliverables every 6 months? 

Mr. McKinney. I think you’re talking about incremental develop- 
ment. 

Mr. Hurd. Right. 

Mr. McKinney. Yeah. That’s another subject. I’d be glad to get 
into that. 

Mr. Hurd. No, it is another subject, but aren’t those about the 
major investments that you all — would this data center consolida- 
tion not be considered a major investment? 

Mr. McKinney. Yes, it would. 

Mr. Hurd. Right. And so you have 59 projects associated with 19 
major investments, and only 9 of those 59 projects are delivering 
deliverables every 6 months. 

Mr. McKinney. Right. 

Mr. Hurd. And the reason for the remaining 50? 

Mr. McKinney. Well, many of our major investments are on the 
FAA side of the house. 

Mr. Hurd. Sure. 

Mr. McKinney. They involve the national airspace. Incremental 
development, which is often referred to with the tag line “Fail fast,” 
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is not really deemed appropriate for development of technologies 
that are going into the national airspace. 

Mr. Hurd. But, also, on the flip side of that, I would think if we 
would try to be getting the best technology available, to make sure 
that our FAA and our men and women that are flying planes have 
the best technology at their fingertips. 

So talking in terms of years versus months is one of the things 
that has been concerning to us, you know, when we have people 
come up here all the time talking about — and I recognize the dif- 
ficulty of the task, but the American people are tired of hearing it 
takes 2 years to do something that it would take, you know, any 
other entity less amount of time. 

And we can get into the details and, yes, that everybody has a 
unique challenge, you know, but guess what? We still have to de- 
liver. And, one, I want to make sure you have the authorities to 
do that. But, two, when you have those authorities, we are also 
going to hold you accountable on this area. 

Mr. Scott, in your written testimony, you talked about how many 
of the agency plans reflected a view that CIOs would not or did not 
have direct knowledge of IT goods and service acquisition. You 
know, your analysis of these initial agency plans, I think, has been 
one of the best insights we have gotten into this problem. How can 
we help you fix that? 

Mr. Scott. I think there’s probably a couple of things in the 
short run. 

One, as I mentioned, we have a number of these 0MB guidelines 
coming out, and I think the development of the appropriate score- 
cards and measures in that space will help us measure progress in 
that area. And continuing to insist that IT spend be identified as 
a part of major projects and getting the visibility of that at all lev- 
els, whether it’s at the subagency level or at the agency level, is 
super-important. 

Another one, to me, is that, as we plan and budget for things, 
that conversation that takes place among the senior leadership — 
the CXO, the program heads, and so on — that clearly identifies 
what the expectations are of IT in that particular case is absolutely 
one of the keys. And so that’s an area where we just can’t take our 
eye off the ball. We’ve got to make sure we keep focused on it. 

Mr. Hurd. I will consult with my colleagues, but that sounds like 
an area for a great hearing, to discuss this topic and have some of 
those C suite folks talking about why or why not CIOs are not in- 
volved in the procurement process. 

And the last question — and I have exceeded my time. I apologize 
to my colleagues. 

But this is for all of you all. I welcome your feedback and 
thoughts on the scorecard. You know, we sit here and get to ask 
you all tough questions, and I would look forward to — and, Mr. 
Scott, I will start with you. Were you surprised, concerned with the 
scorecard? 

Mr. Scott. Well, I think, again, I didn’t have a lot of time to look 
at it, but, to me, it sort of — one of the ways to look at it is it’s a 
baseline of, sort of, where we are today. And I think the hope for 
FITARA is to seize this historic moment and, frankly, do things dif- 
ferently than we have done in the past. 
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So, to me, the real measure will be, 6 months or a year from now, 
did we really move the needle on these things? I would love to 
change the past. Can’t do that. Haven’t figured out any way. But, 
you know, if we can really make progress in the next year or two, 
I think that’s the real test. 

And, hopefully, the scorecard, you know, can reflect, you know, 
realtime progress as we go down the road. So, as we work together. 
I’d like to figure out how we make sure we are getting more 
realtime visibility. 

Mr. Hurd. Mr. Bhagowalia? 

Mr. Bhagowalia. Mr. Hurd, first of all, I think this legislation 
is very exciting because this legislation offers the most promise 
since Clinger-Cohen to really allow us to do our jobs. In the 30 
years I have been in this business, I think this is the one that I 
think can help us, because you are also providing the oversight to 
make sure it gets done. I like what my colleague Mr. McKinney 
said, that what gets measured gets done. And that’s exactly what 
needs to happen. 

So I would just make two observations. And one would be that 
there’s a little bit of definitional challenges, as well, so we need 
time to process what the scorecards and things mean. But, for ex- 
ample, on our PortfolioStat, we did pretty well in some of the agile, 
but we know we need to do much more than that across all pro- 
grams. So that’s an area we need to take a look at. 

And I think the other thing I will just say is that, as we go into 
acquisition, you know, this can be a partnership with other CXOs. 
We’ve got to really work together to make it happen. But I think 
this is a tremendous way to really get to the validation and 
verification framework. 

Mr. Hurd. Okay. Thank you. 

Mr. Shive? 

Mr. Shive. Thank you. Chairman Hurd. 

I appreciate the work that our partners at GAO put into estab- 
lishing a benchmark and a baseline for us to start to measure suc- 
cess as we move towards FITARA implementation. I think that this 
is a great opportunity to start that discussion so that we can begin 
the work of refining how we measure success, and I look forward 
to being a part of that discussion. 

Mr. Hurd. Mr. Powner, I think I know how you feel on this topic. 
But I want to say that, in my 10 months being in Congress, I have 
been impressed with the professionalism of GAO and the thorough- 
ness of you all’s report. 

So I am going to give the last word to Mr. McKinney. 

Mr. McKinney. Thank you, sir. 

As I said in my opening remarks, I am so grateful to this com- 
mittee for FITARA, but both for the accountability and the author- 
ity. You know, I wanted both. 

And I sense your urgency, I feel your urgency. I have that same 
sense of urgency. As I said, I think this is our last chance to get 
it right. 

So I’m going to take what you’ve said to me today, the account- 
ability that I feel very clearly, and I take it back to work with me. 
Because I have been telling my colleagues that FITARA is to be 
taken seriously, that the accountability is real. And we can debate 
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about the authority, but, at the end of the day, the scorecard is 
going to reflect our accountability. And I appreciate it very, very 
much. 

Mr. Hurd. Well, Mr. McKinney, you can tell your fellow CIOs 
and your agency heads that many of them will be asked to appear 
before us. 

And, Mr. Scott, I agree with you, this should be movement. This 
is the baseline, and if we are not seeing movement, I think these 
conversations are going to grow a little bit more uncomfortable. 

So, with that, I would like to thank our witnesses for taking the 
time to appear before us today. 

If there is no further business, without objection, the subcommit- 
tees stand adjourned. 

[Whereupon, at 4:26 p.m., the subcommittees were adjourned.] 
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November 4, 2015 

Ranldng Member Gerald E. Connolly (VA-11) 

Oversight Subcommittees on Information Technology 
and Government Operations: 

“The Federal Information Technology Acqumtion and Reform Act’s Role in Reducing IT 
Acquisition Risk, Part II - Measuring Agencies' FITARA Implementation” 

Chairman Hurd, Chairman Meadows, and Ranking Member Kelly, I appreciate this latest 
joint subcommittee hearing to examine implementation of the Federal Information Technology 
Acquisition and Reform Act, which is better known as FITARA or Issa-Connolly, Our bipartisan 
legislation represents the first major reform of the laws governing federal IT management since 
the seminal Clinger-Cohen Act of 1996. 

Although that previous effort established a solid foundation, it fell short of achieving its 
full potential in large part due to poor implementation, which was exacerbated by a lack of 
robust congressional oversight as the principal authors left Congress shortly after its adoption. I 
am determined to ensure that will not be the case this time around, and I hope this will be just the 
second in a series of hearings our subcommittees hold to gauge agency progress in realizing the 
transformative nature of these refonns. 

I am encouraged by how quickly the Administration and federal agencies have embraced 
this effort. I appreciate the leadership of federal CIO and the Office of Management and Budget, 
which issued superb implementation guidance earlier this summer. Similarly, OAO has 
designated improving the management of IT acquisitions and operations as a new government- 
wide high-risk area with the expressed intent of encouraging swifter agency adoption of the 
FITARA framework. 

In addition, 1 am pleased by the results of a recent survey of federal IT professionals 
conducted by MeriTalk, a public-private partnership focused on improving government use of 
IT, that shows nearly 80% believe FITARA will have a positive effect on the value of their 
agency’s IT. They specifically cite its potential to reduce duplicative IT systems, improve 
investment decisions, increase communication and transparency, and produce real savings. 

As part of this committee’s effort to provide effective oversight, we have devised a 
scorecard to measure each agency’s progress in implementing the various components of 
FITARA. Today, we will release an initial scorecard focusing on four of those reform activities: 
Data Center Consolidation, IT Portfolio Review Savings, Incremental Project 
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Development/Delivery, Risk and Assessment Transparency. These metrics were selected 
because their implementation will have a demonstrable benefit on IT acquisitions and operations, 
and this data is updated and available on a quarterly basis. Further, OAO already was gathering 
information from the agencies themselves to verify reporting in some of these areas, so the 
committee tasked GAO with collecting the agencies’ self-reported information and then scoring 
it based on our direction, 

I want to caution my colleagues, our partners in the administration, and others in the 
federal IT community that this scorecard is not intended to be a juridical exercise. It should not 
be considered a “scarlet letter” on the backs of federal agencies. This initial assessment is a 
point-in-time snapshot. Much like the quarterly report cards issued in our schools, w'e .fully 
expect agency scores to improve over time as they fully implement these reforms. 

The intent is to urge agencies to seize this moment and use this scorecard as a 
management tool to better guide decision making and investments. While the grades themselves 
are illustrative of overall performance, it is the multiple elements that make up the grades on 
which agencies and our committee will focus to ensure we deliver on the transformative promise 
ofFITARA. 

For example, while the Department of Transportation may be at the lower end of the 
scores on certain areas right now, I am encouraged by reading CIO McKinney’s prepai-ed 
statement, in which he says “IT is no longer just the business of the CIO. Rather, IT is 
everybody’s business.” That is exactly the point, and getting agency buy-in on the value of 
correctly implementing FITARA is paramount. I commend the DOT on its efforts to implement 
a more holistic approach to planning its IT investments by including budget and acquisition staff 
in its decision making process to ensure everyone understands how these decisions must support 
overall IT goals, GSA has a similar arrangement with its Investment Review Board, and 
Treasury employs a best-practice model of IT Information Resource Management. 

I look forward to hearing more about the experiences and observations of these three 
agencies. I also would like to hear more from CIO Scott on the “common baseline” agencies are 
working to achieve by the end of the year. I understand two agencies already have achieved that 
milestone. And finally, I welcome a frank assessment from the OAO on the additional steps 
agencies ought to be pursuing to maximize efficiencies to realize savings, particularly with 
re,speot to holding feet to the fire to advance data center consolidation and maintain robust 
PortfolioStat and TeohStat reviews. 

For example, on data centers, GAO says we are still not fully realizing the goal for 
closing data centers, in part because agencies are not moving aggressively enough to capture 
savings and also because we continue to discover more data centers. When the Federal Data 
Center Consolidation Initiative began in 2010, former CIO Vivek Kundra reported the federal 
government maintained roughly 1,600 data centers, and he established the goal of closing half of 
them. At the time I pushed to cut that number in half again to 400, Three years later, the GAO 
discovered the actual number was north of 6,000 after we applied a broader definition of what 
constitutes a data center. In May 2014, GAO reported the number had grown again to more than 
9,500, and, in preparation for this hearing, we learned that anotlier 2,000 had recently been 
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discovered. This redundant infrastructure is costly and inefficient, and agencies really must 
focus on reducing this footprint to capture what should be considered low-hanging fruit, 

I want to commend our partners for their hard work to advance these important IT 
initiatives. The kind of cultural reforms we are talking about will require continuous monitoring 
and maintenance to be successful. This committee will be a partner in prioritizing effective 
FITARA implementation and ensuring Congress does everything it can to support those efforts. 

Contact; Jennifer Werner, Communications Director, (202) 226-5 181. 
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Agencies’ FITARA Implementation” 

Subcommittee on Information Technology 

November 4, 2015 

Thank you, Mr. Chairman. Today’s hearing is the second hearing in a series of oversight 
hearings the Subcommittees will hold on FITARA implementation to help ensure agencies 
achieve the desired goals of the law and generate opportunities for government savings and 
efficiency in the procurement of Information Technology (IT), 

FITARA includes a number of government-wide reforms for managing IT acquisitions 
and portfolios that will help ensure that the federal government is making wise and efficient 
investments in IT. 

This hearing will help us understand the status of implementation of FITARA and how 
agencies are doing on four important initiatives required by FITARA that could quickly improve 
the management of IT and save taxpayer dollars. 

Agency-wide IT portfolio review and data center consolidation are two provisions of 
FITARA that can quickly help agencies reduce spending, optimize IT resources, and ensure IT 
investments align with agency’s mission and business functions. 

This Committee plays an important oversight role that can increase transparency and 
accountability of agency implementation efforts. Earlier this year, the Committee tasked the 
Government Accountability Office with assessing and scoring agencies implementation of four 
initiatives required by FITARA, including portfolio review and data center consolidation. 

Today we released the FITARA Scorecard results and will discuss the performance of the 
three agencies here today. While these three agencies were selected for this initial Scorecard 
hearing, I hope the Subcommittees will continue to hold hearings with all agencies to measure 
their performance and hold them accountable for fully implementing FITARA provisions. 

These hearings and the FITARA Scorecard show the Committee’s interest and 
commitment to achieving the goals of FITARA, as well as present an opportunity for agencies to 
demonstrate their efforts to generate savings and efficiencies in the management of IT resources. 
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Today, agencies are working with 0MB to assess their current structure for managing IT 
resources and develop a plan for implementing the specific authorities that FITARA provides 
Chief Information Officers. Agencies are required to notify 0MB of any obstacles to 
implementation and work with 0MB to overcome those obstacles. I look forward to hearing 
from our witnesses on the status of FITARA implementation and the challenges agencies are 
facing in overhauling the management of IT resources. 

I want to thank each of the witnesses for testifying today. I look forward to hearing your 
testimony on how agencies are approaching FITARA implementation and the desired goals of 
savings and efficiency in the management of IT. 

Thank you, Mr. Chairman. 


Contact: Jennifer Werner, Communications Director, (202) 226-5 181. 
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Questions for the Record (QFR) to Richard McKinney 
Chief Information Officer 
U.S. Department of Transportation 
From the House Committee on Oversight and Government Reform, 
Subcommittee on Information Technology 
Hearing on: 

The Federal Information Technology Acquisition Reform Act’s (FITARA) Role in 
Reducing Acquisition Risk, Part II. 

November 4, 2015 

From Ranking Member Kelly: 

Question #1 : As the November 2015 FITARA scorecard results highlight, our federal agencies have an 
immense amount of work to do In the areas of: Incremental Development, IT Portfolio Review Savings 
and Data Center Consolidation. With significant funding available for private investment, in addition 
to your own assessment of our critical need for IT infrastructure investment, do you agree that a role 
exists for innovative P3s to aid agencies in IT modernization? 

DOT Response : DOT believes Public Private Partnerships are a valuable procurement tool which can 
streamline and accelerate the delivery of complex, infrastructure projects for state and local 
governments, DOT agrees Public Private Partnerships may be a useful tool in iT modernization as well. 


Question #2; It is my understanding that on December 10, 2014, DOT executed an Energy Savings 
Agreement with WGL Energy Inc. for combined IT, energy, and cybersecurity infrastructure upgrade 
and modernization. This innovative P3 approach would utilize up to $100 million in private capital 
investment and result in approximately $54 million in annual cost savings. Can you advise the 
committee as to the current status of this effort? 

DOT Response : DOT has had ongoing conversations with WGL Energy Inc. regarding its private capital 
proposal as recently as December 2015. While this proposal offers potential cost savings, the 
Department is considering several other factors that impact the analysis. Notably any new data center 
consolidation and IT infrastructure must comply with existing federal mandates, and it is the DOT CIO's 
understanding that the current proposal does not meet these requirements. These suggested 
infrastructure modifications represent $80 million of the proposed investment. 

The remainder of the proposal includes $14 million for on-site energy generation and $6 million in LED 
lighting upgrades. Because the DOT operates in a leased building, any infrastructure modifications 
require the consent and collaboration of the building owner (JBG). The Department has asked WGL 
Energy Inc. to provide further information and clarification about the proposal. 
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